Risk Assessment Analyst / IT Audit & Compliance

Kelly Services
Chesapeake, VA 23323
**Risk & Compliance Analyst (W2, direct hire, no C2C, no visa sponsorship or transfer)**

**Overview:** Kelly Services is seeking a motivated, hardworking individual to join our client's team as an IT Analyst focused on issues in Governance, Risk & Compliance. This is a direct hire role for a well-established but still growing technology-oriented company in the Chesapeake / Norfolk, VA area. All candidates must be authorized to work for any employer in the United States and not require visa sponsorship or transfer, now or in the future; resumes from 3rd parties will not be accepted.

**Duties & Responsibilities:**

The GRC Analyst is a technical and analytical position within the IT Security Team focused primarily on issues in Governance, Risk & Compliance (GRC), which include risk management, vendor management, compliance management, vulnerability management, risk assessments, and security awareness. This position is responsible for managing, developing, maintaining and communicating company security policies, standards, and configurations in accordance with industry standards and best practices.

GRC analysts are expected to have some experience with and knowledge of industry-practiced tools to perform their functions, such as but not limited to: vulnerability and patch management packages, access and authorization tools, data loss prevention tools, third-party management applications, and request-for-service application suites. The GRC Analyst will participate in the evaluation and deployment of security-focused infrastructure as well as provide consultation, architectural review, risk analysis, vulnerability testing and security reviews of many elements of internal systems.

+ Assist/participate/lead informal risk assessment processes for all departmental and enterprise systems and work closely with system owners to align risks identified with established risk tolerances

+ Provide governance for the identification, audit, validation and remediation of information technology controls required for SOX, PCI DSS, PII, HIPAA and any other applicable regulatory compliance frameworks.

+ Conduct and track information security assessments of third-party vendors to determine their ability to protect data

+ Participate in projects and assessments to establish risk determination and remediation

+ Using industry best practices, utilize technology-based tools to validate that controls are in place as established.

+ Lead the development, update and compliance of corporate information security policies, guidelines and standards

+ Work with technical teams to ensure baseline configurations are kept current and configurations for new technologies are designed and built prior to integration into the company environment

+ Develop the comprehensive information security awareness program and run year-round campaigns. Create communications on behalf of IT Security for awareness activities, initiatives or other required security announcements.

+ Maintain security and compliance metrics that are meaningful and actionable for Sr. Management. Metrics should establish baselines, highlight progress and drive behaviors

+ Coordinate with internal and external audit and compliance groups on improvement of information technology controls

+ Experience with analyzing, evaluating, prioritizing and processing results from security penetration tests or assessments

**Position Requirements:**

+ Bachelor's degree in business, information systems or computer science or equivalent experience

+ 3-5 years' experience in information technology, preferably in information security compliance/audit/control or related experience

+ Familiarity in many technology areas across a broad spectrum including networks, infrastructure, cloud and mobile as well as the concepts of risk management, data compliance, information security strategy

+ Solid knowledge of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.

+ Application development, scripting and database knowledge a plus.

+ Demonstrated experience with industry compliance and security standards and frameworks including one or more of: PCI DSS, ISO 27001, HIPAA, CIS Controls and NIST frameworks

+ Effective communication skills enabling the ability to communicate complex information to various audiences both verbally and in writing; Microsoft Office suite proficiency required.

+ Strong analytical skills to analyze security requirements and relate them to appropriate security controls

+ Industry-relevant certifications such as CISSP, CRISC, CISA, CISM, CGEIT, etc., a plus

Please note that this is a direct hire role and resumes from third parties will not be accepted. This role does not offer visa sponsorship or transfer; all candidates must be presently authorized to work for any employer in the US and not require future sponsorship.

Apply today for immediate consideration or send your resume directly to


**Why Kelly?**

With Kelly, you'll have direct connections to leading IT organizations in the best companies around the globe, offering you the chance to work on some of today's most intriguing, innovative and high-visibility projects. In a field where change is the only constant, our connections and opportunities will help you take your career exactly where you want to go. We work with 90 of the Fortune 100 companies and found opportunities for more than 8,600 IT professionals last year. Let us help advance your career today.

**About Kelly**

At Kelly, we're always thinking about what's next and advising job seekers on new ways of working to reach their full potential. In fact, we're a leading advocate for temporary/nontraditional workstyles, because we believe they allow flexibility and tremendous growth opportunities that enable a better way to work and live. Connecting great people with great companies is what we do best, and our employment opportunities span a wide variety of workstyles, skill levels, and industries around the world.

Kelly is an equal opportunity employer committed to employing a diverse workforce, including, but not limited to, minorities, females, individuals with disabilities, protected veterans, sexual orientation, gender identity. Equal Employment Opportunity is The Law.
Posted: 2019-11-08 Expires: 2019-12-09
