Position Summary:
The Sr. Security GRC Senior Analyst (Policy, Design & Remediation) is a key contributor for the communication of security policies, standards, and remediation items to RH IT and multiple business units. This role will also engage with teams across both Security and IT departments over the course of day-to-day assignments and report directly to the Senior Manager Security GRC Policy, Design, and Remediation.
Position Responsibilities may include, but not limited to:
- Provide guidance and expertise to business units and project teams throughout the lifecycle of security initiatives
- Collaborate with Security GRC Compliance to prioritize security vulnerabilities and control deficiencies through regular reporting and assessments
- Drive and execute remediation strategies to address identified vulnerabilities and control deficiencies in a timely and efficient manner collaborating with the CISO organization, RH IT, and BU IT. Report on these remediation strategies by developing reporting metrics, dashboards, and evidence artifacts
- Drive a culture of security awareness and compliance within the organization
- Lead documentation, consultation, negotiation and resolution of tactical issues that may arise from security initiatives targeting business units
- Partner with CISO functions to document security gaps affecting business units and facilitate their orderly remediation
- Facilitate communications and negotiations for aligning information security priorities with strategic objectives defined by business units
- Help balance CISO organization governance with supporting business unit need
- Leverage risk-based reporting to improve information security adoption across the business units
- Other projects or duties as assigned
Required Skills and Experience:
- Bachelor’s degree in computer science, IT, Engineering, or Security discipline and 4+ years of experience as a technical specialist in Customer-facing roles OR High School Diploma and 7+ years of the above stated experience in lieu of a bachelor’s degree
- Experience in proven experience in a security role with a focus on standards, protocols, and remediation
- Excellent verbal and written communication skills to interface with managers, staff, and customers, at all levels within the company
- Strong interpersonal skills are critical to success. Reyes Holdings values a culture of collaboration and synergy amongst teams
- Strong organizational skills in aligning to goals, scheduling discussions, establishing workshops involving individuals or working groups
- Strong understanding of security frameworks, compliance requirements, and industry standards (NIST CSF, CIS 8 preferably)
- Experience in developing and implementing effective remediation strategies
- Successful in fast paced and quick changing environments
- Ability to drive buy-in across complex organization structures
- departments
- This job requires the ability to travel 10% on an annual basis
- This position must pass a post-offer background and drug test
Preferred Skills and Experience:
- Relevant certifications such as CISSP, CISM, CISA or similar are highly desirable
- Broad Enterprise systems experience including application and platforms