Senior Analyst, Governance, Risk, and Compliance (10-Month Contract)

About eSentire

eSentire is on a mission to hunt, investigate and stop cyber threats before they become business disrupting events. We were founded on the premise that if you can’t find a solution, you build it. Entrepreneurship and innovation are in our DNA. Our culture is based on transparency, teamwork, and continuous innovation.

As the authority in Managed Detection and Response, we protect the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats.

The Role

The role of the Sr. Analyst, Governance, Risk, a4nd Compliance (GRC) will report to the Director, GRC and support the eSentire CyberSecurity Teams activities in alignment to business strategy.This role will conduct risk assessments based on established processes and work with risk owners to develop risk remediation strategies; conduct and support internal audit activities as per the eSentire Audit Schedule; assist the business attain and maintaining its security control objectives to meet various legal, regulatory, industry, and customer requirements; and measure and report associated metrics to ensure that organizational objectives are monitored and achieved.

Position Responsibilities

• Conduct assessments/internal audits against eSentire Security Policies and Directives as directed by Director GRC.
• Assessing internal compliance readiness to external accreditation programs and standards (e.g., PCI, HIPAA, NIST CSF, HITRUST, etc.).
• Track, monitor, and report on audit/assessment remediation efforts.
• Support, development and management of InfoSec policies, standards, and awareness and ensure broad enterprise visibility and education.
• Assess areas of potential risks and collaborate with impacted business units to decide how to avoid, reduce, or transfer these risks.
• Support and collaborate with business and technology leaders and other risk managers to resolve the most challenging risk matters.
• Follow established process to assess vendors and other security related service providers.
• Partner with business and technology leaders in ensuring new and existing business relationships adequately address information security risk through vendor management, security engineering engagements, and security assessments of processes and procedures.
• Manage specified Governance Risk and Compliance (GRC) projects from inception to completion.

Education And Experience

• Preferred bachelor's degree in related field or equivalent combination or experience and education
• Five (5) plus years of IT Security, Assessment, Compliance experience.
• CISSP, CISM, CRISC, or CISA preferred
• Experience in managing and accessing information security risks
• Functional knowledge of ISO 27001, NIST, PCI, AICPA SOC2

Required Skills And Abilities

• Ability to formulate and communicate strategies and concepts to non-technical associates
• Ability to read and interpret documents clearly and informatively
• Well-developed verbal and listening communication skills
• Strong written communication skills with the ability to write technical documentation, reports and correspondence
• Ability to define problems, collect data, establish facts, and draw valid conclusions
• Ability to exercise good judgment and make sound decisions independently; delegate/escalate issues appropriately
• Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited information is available
• Analytical thinker with desire to be continually challenged
• Well-developed interpersonal skills, including proven ability to interact with diverse personalities and in a tactful, mature, and flexible manner
• Ability to establish creditability and be decisive but also to recognize and support the organization’s preference and priorities
• Ability to work under strict deadlines, detail oriented, and the flexibility to think of alternative solutions
• Ability to initiate immediate interaction, coordination, and collaboration with team members, clients, customers etc.
• Excellent written and oral communication skills, with the ability to brief stakeholders on complex issues in a succinct manner

Our Culture and Values

At eSentire we work in a collaborative and innovative work environment. We work with brilliant and passionate people who strive and encourage others to do their best. eSentire’s idea-rich environment welcomes creative and sometimes unconventional perspectives!

We celebrate diversity, operating with mutual respect and consideration, in an environment that fosters inclusivity for all. We believe that a variety of perspectives, backgrounds, and experiences make us stronger – if you’re enthusiastic about this opportunity but don’t meet every qualification, we encourage you to apply anyway. It takes a diverse set of thoughts, cultures, backgrounds, and perspectives to be a true market leader.

Total Rewards

We believe in rewarding performance and providing comprehensive benefits tailored to support your well-being. Our package includes comprehensive health benefits, a flexible vacation plan, and participation in our company-wide equity program, allowing you to share in the success and growth of our organization.

Accommodation

If you have any accessibility requirements during the recruitment process, please reach out to our HR team at aoda@esentire.com and any accommodation needs will be addressed upon request. Your talents and unique perspectives are valued, and we look forward to the opportunity to work together to build a more inclusive future.

It's our mission at eSentire to protect our customers 24/7/365 and we extend this conviction to job seekers. During the application and interview process, eSentire will communicate with you from one of our corporate "@esentire.com" email addresses, never from a public email address. We strive to provide a welcoming, respectful, and thorough interview process, providing the candidate with ample opportunity to spend time with the hiring manager, recruiter, and future colleagues face to face, or using a video conference technology.