Contract Information Security GRC Analyst
Risk Assessment Execution
The Information Security GRC Analyst with a Risk and Policy focus is responsible for assisting in the execution of the organization's security risk management program and supporting policy governance. This role takes the lead in conducting the security risk assessments for Chatham systems, products, and technology projects using established frameworks (NIST SP 800-30, ISO 27005, etc.).
Technology and Cybersecurity Risk Register Management
Maintain the technology risk register (includes Cybersecurity) documenting threats, vulnerabilities, impacts, likelihood, risk ratings, and treatment decisions; ensure consistent updates with stakeholder input.
Technology and Cybersecurity Risk Mitigation Tracking
Document risk treatment plans with action items, responsible parties, and target dates; track remediation progress; verify risk reduction upon closure.
Technology and Cybersecurity Policy Support
Support policy lifecycle activities including drafting, review, and updates; ensure policies alignment based on industry standards such as NIST, ISO 27001, etc.
Cybersecurity and Information Security Risk Metrics Development
Develop and report risk metrics and KRIs; analyze trends in risk posture; identify systemic issues requiring management attention.
Technology and Cybersecurity Risk Reporting/Communication
Translate technical risk findings into business-relevant language; prepare risk summaries for management review and decision-making.
Stakeholder Engagement
Partner with control owners, system owners, product team, technology team, and business stakeholders to identify and assess risks throughout the system lifecycle.
Contributors To Your Success
- Bachelor's degree, preferably in Information Security, Computer Science, Risk Management, or related experience in the field.
- 3-5+ years of experience in IT audit, IT risk management, executing security assessments, or experience in a related Technology, IT Audit or Data Governance, role.
- Experience in supporting/coordinating company SOC 2 Trust Services Criteria audits or conducting SOC 2 audits.
- Experience in conducting technology and security risk assessments using NIST, ISO 27005, or similar methodologies.
- Strong understanding of Cybersecurity risks and mitigation strategies as well as functional experience with threat modeling, vulnerability analysis, and risk quantification and follow through.
- Knowledge of security frameworks: NIST CSF, NIST 800-53, ISO 27001, Center of Internet Security (CIS), SOC 2 Trust Services Criteria, Cloud Control Matrix (CCM).
- Knowledge of third-party security assessments and/or data protection/impact assessments.
- Excellent analytical and written communication skills.
Preferred Certifications
- CRISC, CDPSE, CISA, CISSP, ISO 27001 Lead Auditor/Lead Implementer
Other Certifications Considered
- CGEIT, CCSK, CompTIA Security+, CompTIA CySA+, CISSP-Associate, GIAC/GSEC, PMP/CAPM, AWS Cloud Practitioner, Azure Cloud Practitioner
About Chatham Financial
Chatham Financial is the leading independent capital markets advisor, delivering an integrated blend of expert advice and powerful technology to help you reduce risk and seize opportunity. With decades of capital markets strategy, execution, monitoring, and performance expertise, we serve as an unwavering advocate for your best interests and your innovation partner. Our technology platform unifies data across assets, debt, and derivatives, giving you unmatched agility, transparency, and insight. It’s clear ahead. Our commitment is to carry that light forward in every partnership, every solution, and every market we serve. We help guide the way—giving clients the insight and momentum to move forward with confidence, no matter what lies ahead.