GRC Analyst
NetCov · United States · 3 wk ago
RemoteRemoteBusiness DevelopmentFull-time
Primary/Essential Duties and Key Responsibilities
- Interface with client points of contact as required for onboarding/post sales activity and/or recurring check-ins and inquiries.
- Continuously monitor and triage requests flowing through an inbound ticket queue.
- Participate in the design and execution of risk assessments and security audits.
- Participate in the management of employee awareness campaigns for both staff and clients, including phishing simulations and awareness training.
- Perform CMMC Readiness assessment against 110 controls, delivering a comprehensive SSP and POAM with assisted attestation and SPRS reporting.
- Absorb and assist clients with their assessments with C3PAOs and 3PAOs.
- Create and Maintain network and data flow diagrams.
- Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, regulatory requirements, improved security processes, and the development of new attacks and threat vectors.
- Document best practices and user guides using available collaboration tools and workspaces.
- Develop and maintain both internal and client-facing documentation, policy libraries and delivery metrics for end-to-end client security and compliance.
- Provide timely, detailed, and complete reports on vulnerabilities, security events and incidents in a client facing setting.
- Triage internal security and permissions requests from staff, including but not limited to systems access and employee terminations.
- Oversee upkeep of internal SOP, ensuring adjustments to protocol are made as tools and methods evolve.
- Perform QA workflow as necessary to improve upon consistency of product and client experience.
- Cookordinate resources and/or route audit requests appropriately for high volume or regulated client points of contact.
- Ability to manage a changing and evolving workload and function as decision-maker where needed.
- Provide after-business hours support if requested and as applicable to geographically distributed client base.
- Perform other duties and tasks as assigned.
Knowledge, Skills and Abilities (KSAs) Required
- Strong problem-solving, analytical skills and the ability to work autonomous.
- Excellent customer service skills, including understanding how to de-escalate, how to soothe and how to deliver the most efficient solution.
- Strong communication skills, both verbal and written.
- Familiarity with regulatory frameworks such as NIST/CMMC, ISO 27001, HIPAA/Hitech, GDPR are a big plus.
- Strong organizational, operational, and inter-personal skills.
- Strong familiarity with Windows desktop and server operating systems.
- Strong familiarity with Microsoft Office 365 and Azure Active Directory support and implementation.
- Strong understanding of networking concepts, familiarity with routers, firewalls, access points, IDS/IPS and VPN.
- Familiarity with Email threat protection tools and concepts.
- Familiarity with RMM and asset management tools are a big plus.
- Understanding of tools and processes used in security monitoring and incident response.
- Experience with Endpoint Detection & Response (EDR) tools.
- Ability to understand vulnerabilities at a technical level and capable of recommending and effectively communicating mitigation strategy.
- Ability to communicate and write in English professionally.
Physical Requirements
- Sitting
- Standing
- Moving of self
- Moving of equipment
- Communicating
- Visual acuity for driving and computer work
- Kneeling
- Crawling
- Reaching
- Stooping
- Lifting
- Pulling