Experienced or Senior GRC Analyst

Hotman Group (HG) has an opportunity for a full-time, remote, Experienced or Senior IT/ Security GRC Analyst. This position requires 7-10 years' experience in a similar role or function and starts as contract-to-hire. Top-tier workers will be converted to permanent within 6 months.

The Senior IT/ Security Governance, Risk, and Compliance (GRC) Analyst will be supporting cybersecurity, compliance, risk, and GRC program initiatives for our clients. This person will work closely with the team and our senior partners to provide client and backend support for security/ IT controls, assessments, analysis, risk, audits, GRC tools, policies, processes, industry frameworks, privacy, just to name a few.

Responsibilities

• Assess, evaluate, and make recommendations regarding the adequacy of the security/ IT controls for the client's environment and business objectives
• Develop policies, procedures, and processes based on audit findings and/ or compliance framework requirements
• Crosswalk controls across multiple security compliance frameworks and regulation to foster adoption and identify gaps
• Advise and develop security standards, guidelines, and controls based on best practices and compliance frameworks
• Translate security analyses, audit results, and compliance guidance into plain English that is understandable and actionable
• Analyze and suggest improvements for security/ IT controls in both design and operation effectiveness
• Develop risk registers, ideally aligned to controls, and execute basic risk assessment and management practices
• Perform assessments (risk and/or compliance) to develop a baseline for creating or expanding a security program
• Develop plans and tracking for non-compliance with applicable controls, and monitoring remediation progress against agreed upon timelines
• Work with various client GRC tools
• Perform data analysis and manipulation as needed to analyze a problem and create a solution for our clients
• Evaluate new and existing technologies for compliance with information governance controls (e.g., access, authentication, encryption, logging, retention)
• Perform other duties for Hotman Group or as assigned to best serve our clients in their security, risk, compliance, or GRC programs

Knowledge, Skills, and Abilities

• Proven ability to manage and execute numerous parallel activities in a fast-paced, dynamic team environment
• Strong organizational skills with demonstrated prioritization and decision-making skills to not miss deadlines or drop assignments
• Strong written and verbal skills, including a demonstrated ability to translate complex or technical information into concepts that are easily understood and actionable
• Knowledge of fundamental security/ IT concepts (e.g., retention, data classification, change management, access control, asset management, third party risk)
• Demonstrated critical thinking skills, but also able to follow instructions to meet the team’s overall objective
• Technical aptitude to be able to learn new technologies quickly with little instruction
• Strong attention to detail and high commitment to quality
• Good attitude and courtesy to work with a smaller, fast-paced team
• Efficiency, always looking for ways to gain efficiency and maximize time spent
• Able to operate with a high degree of independence executing with excellent follow-through for assigned tasks, but also knowing when to stop, ask questions, and seek input from the team or management
• Passionate about cybersecurity, risk, compliance, and GRC to make companies more secure and healthy in protecting their data
• Not afraid to roll your sleeves up, learn what’s needed to learn, get done what needs to get done
• Reliability, discretion, and confidentiality

Requirements

• Minimum of a Bachelor or Graduate degree in a cybersecurity, information systems, or related field
• 7-10 years of progressive experience in cybersecurity, audit, risk, compliance, or GRC roles, with a proven track record of leadership and strategic decision-making
• Expertise in common security and privacy frameworks and regulations (e.g., ISO, NIST, CIS, SOC 2, HIPAA, CCPA, PCI DSS) with a deep understanding of their implementation in complex environments
• Advanced knowledge of risk management practices, demonstrating a strategic and holistic approach to drive prioritization and decision-making
• Proficiency in responding to, analyzing, and communicating complex security and information technology-related practices and controls to both technical and non-technical stakeholders
• Proven ability to assure the quality of work produced by team members, ensuring adherence to industry standards, best practices, and organizational policies
• Demonstrated coaching experience leading a cybersecurity team, with a focus on mentorship, skill development, and fostering a collaborative work environment
• Senior-level security or risk management certifications such as CISSP, CISM, or CRISC, or a strong commitment to obtaining these certifications
• Strong sense of ownership handling all tasks from end to end
• Proven ability to maintain a client-facing demeanor, with excellent communication and interpersonal skills
• Technical skills: Excel, Word, PowerPoint, GRC tools, quick learner of new technologies in general
• In-depth understanding of audit processes and requirements, with experience leading and guiding audit initiatives to successful completion
• Candidate must be located in the USA and have permanent authorization to work in the USA for any employer
• Clear background check
• Strong Internet connection and secure working area

No phone calls please.