Principal GRC Analyst
Deltek · United States · 1 mo ago
RemoteRemoteBusiness Development$91k–$161k/yrFull-time
Position Responsibilities
- Information security risk management and compliance are critical parts of Deltek’s business and product strategy.
- This role supports comprehensive assessments of the management, operational, and technical security controls deployed within Deltek cloud environments.
- Determines the effectiveness of the controls - the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements.
- Supports audits of cloud environments, information systems, risk management and security tools to ensure adherence to applicable frameworks, laws, and regulations.
- Assists with documenting control objectives and procedures in areas such as cloud security, cloud governance and compliance, DevOps, cloud data protection, cloud monitoring, incident response, enterprise security architecture, cyber security, and technology risk management.
- Drives compliance within Deltek Cloud Operations.
- Lead and execute audits and assessments related to NIST 800-53, FedRAMP, CMMC, ISO27001, PCI DSS, SOC 1, SOC 2, and other information security regulations.
- Must have experience leading audit engagements as a principal auditor, understand requirements for completing internal and external audit engagements.
- Create and maintain compliance documents such as policies, standards, procedures. Prepare metrics and reporting.
- Effectively communicate with Deltek technical and business stakeholders through written and verbal communication during the process of evidence collection, validation, testing and presentation of results.
- Maintain proficiency with applicable laws, regulations, and standards.
- Identify and communicate risk management, control gaps and process inefficiencies to key stakeholders.
- Actively participate in initiatives aimed at enhancing Cloud Security Compliance team processes and procedures.
- Support internal risk and compliance meetings as a subject matter expert.
- Draft and maintain, and mature GRC services as primary or backup service owner (e.g., Policy Management, Risk Management, Customer Security Due Diligence, Business Continuity Planning, etc.).
- Lead efforts and provide support for any activity that helps maintain Deltek’s compliance and security standards.
Qualifications
- US Citizenship is required for this position.
- Minimum 3 years of leading implementing and/or assessing : Information technology audit , Information Technology General Controls (ITGC), Information security operations , cloud security and compliance, internal audit function, IT risk management, public accounting firm , or a related field.
- B.S. degree (Information Security, Computer Science, MIS, or equivalent program preferred) from an accredited college/university.
- Must have experience with ITAR/FedRAMP assessments within technological environments.
- Possess, or working toward, baseline security certifications such as CISA/CompTIA/cloud certification for Microsoft Azure/AWS/Google Cloud Platform.
- Core Competencies: Excellent self-management and work with minimal direction. Excellent time management skills for handling multiple competing priorities and simultaneous projects. Excellent business and technical aptitude and problem-solving skills. Excellent critical thinking, analytical, communication (written and verbal) and interpersonal skills. Ability to work in a team environment collaboratively and take direction from senior level staff. Enthusiasm to learn through a combination of structured, on-the-job, and self-directed training.
- Preferences: CCAK/CCSK, CISSP, CISA, or other related information security certification desired. FedRAMP, NIST 800-171, CSA CCM, CIS Security Framework experience desired. Experience with software development in a cloud environment desired.