Lead third-party risk assessments for new and existing vendors, including security questionnaires, SOC report reviews, risk scoring, and reporting.
Collaborate with stakeholders in Legal, Finance, and Information Technology to ensure vendor contracts meet security and compliance requirements.
Communicate and drive change through clear articulation of risk findings and recommendations to both technical and non-technical audiences.
Maintain and enhance our third-party risk management framework aligned with industry standards and requirements, such as ISO 27001, SOC 2 Type 2, PCI-DSS, and Sarbanes-Oxley.
Utilize GRC toolsets to streamline processes and manage the assessment, tracking, reporting, and monitoring of our third-party information security supply chain at scale.
Requirements
Certifications such as CISA, CISM, CISSP, CRISC, or ISO 27001 Lead Implementer
Strong communication, analytical, and project management skills.
Familiarity with SaaS governance and best practices.
5+ years of experience in Information Security, Risk Management, or GRC roles with a strong focus on third-party/vendor risk.
A track record of commitment to prior employers
Bachelor’s degree from an accredited, not-for-profit university or college (preferably in Information Systems, Cybersecurity, or a related field).
Experience supporting compliance audits and client security questionnaires.
Deep understanding of ISO/IEC 27001, with experience developing control sets and the application of those control sets within a fast-paced corporate environment.
Experience with GRC platforms such as Hyperproof, OneTrust, Drata, etc.
Fluency in SOC 2 Type 2 and SOC 1 Type 2 reports, SIG, and CSA CAIQ, particularly with regard to the use of these artifacts in the context of a risk assessment.
Benefits
401(K) retirement plan with matching contributions
Complimentary gourmet coffee, tea, hot chocolate, fresh fruit, and other healthy snacks
Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug
Tuition reimbursement
Commuter and parking benefits
Access to CoStar Group’s Diversity, Equity, & Inclusion Employee Resource Groups
Virtual and in-person mental health counseling services for individuals and family
Life, legal, and supplementary insurance
Employee stock purchase plan
Paid time off
On-site fitness center and/or reimbursed fitness center membership costs (location dependent), with yoga studio, Pelotons, personal training, group exercise classes
Visa Sponsorship
No visa sponsorship provided.
Security clearance
Pre-employment substance abuse testing.
Company
Overview
Founded 1987
Offers comprehensive data on properties, tenants, leases, and market conditions globally.
Known for its pioneering technology and research, delivers powerful insights to commercial real estate professionals.
Its flagship platform, CoStar, provides unmatched property data, news, and analytics.
Platforms used by real estate professionals, from brokers to investors to property managers.
Expanded through strategic acquisitions, including the purchase of LoopNet and Apartments.com.
Data-driven insights help clients make informed investment and leasing decisions, shaping the global real estate market.
Culture + Values
Customer Focused: We strive to make a positive impact on our customers through innovative solutions.
Ownership: We take personal responsibility for delivering results.
Integrity: We act with transparency and integrity in everything we do.
Innovation: We drive progress through creativity and technology.
Collaboration: We believe in the power of diverse teams working together to achieve more.
Excellence: We are dedicated to the pursuit of excellence in our products and services.
Environment + Sustainability
Net Zero Commitment: aims to achieve net zero carbon emissions by 2040.
Committed to energy-efficient building designs and energy-saving programs.
Uses technological advancements to reduce environmental impact.
Annually tracks and reports on carbon footprint and environmental metrics.
Inclusion & Diversity
Approximately 40% of the global workforce consists of women.
Committed to creating an inclusive and diverse workplace where all employees can thrive.
Has set specific goals to increase the representation of women in leadership roles.
Implemented training programs to promote diversity awareness and inclusive leadership.