Vantage Data Centers Management Co - Aurora, CO

posted about 2 months ago

Full-time - Mid Level
Remote - Aurora, CO
Real Estate

About the position

The GRC (Governance, Risk, and Compliance) Analyst at Vantage Data Centers plays a pivotal role in supporting the organization's information security management system (ISMS) and cybersecurity initiatives. This position is primarily remote within the U.S. and is responsible for leading the ISMS risk register, providing oversight on cyber risks and controls, and ensuring that the company's security environment is maintained and aligned with relevant standards. The GRC Analyst will engage in ongoing training and professional development to stay ahead of the latest security trends and technologies, while also supporting internal and external audits, conducting security investigations, and managing GRC programs and projects.

In terms of risk management and ISMS support, the GRC Analyst will lead the ISMS risk register, ensuring that risks are identified, assessed, and mitigated effectively. They will provide oversight on cyber risks and the implementation of appropriate controls, supporting the ISMS program by ensuring compliance with relevant standards and conducting periodic gap assessments. The role also involves managing, supporting, and maintaining Vantage's security environment, acting as a contact for end users and individuals reporting cybersecurity issues, questions, or concerns, and supporting AI initiatives and governance.

The GRC Analyst will manage GRC programs and projects as assigned, ensuring that objectives are met and risks are mitigated. They will maintain and run policies, procedures, standards, and the Confluence site for all documentation, ensuring accuracy and conducting annual reviews. Additionally, the role includes supporting internal and external audits by providing vital documentation and responding to audit inquiries, performing periodic gap assessments to validate compliance on an ongoing basis, and supporting the triage and investigation of security alerts to identify potential threats and take appropriate action.

The GRC Analyst will also create documentation and presentations for leadership and partners on relevant topics and issues, contributing to the development and refinement of SOC (Security Operations Center) policies, procedures, and best practices. Continuous professional development is emphasized, with the expectation of engaging in ongoing training to stay ahead of the latest cybersecurity threats, vulnerabilities, trends, and technologies.

Responsibilities

  • Lead the ISMS risk register, ensuring that risks are identified, assessed, and mitigated effectively.
  • Provide oversight on cyber risks and the implementation of appropriate controls.
  • Support the ISMS program by ensuring compliance with relevant standards and conducting periodic gap assessments.
  • Manage, support, and maintain Vantage's security environment.
  • Act as a contact for end users and individuals reporting cybersecurity issues, questions, or concerns.
  • Support AI initiatives and governance.
  • Manage GRC programs and projects as assigned, ensuring that objectives are met and risks are mitigated.
  • Maintain and run policies, procedures, standards, and the Confluence site for all documentation, ensuring accuracy and conducting annual reviews.
  • Support internal and external audits by providing vital documentation and responding to audit inquiries.
  • Perform periodic gap assessments to validate compliance on an ongoing basis.
  • Support triage and investigation of security alerts to identify potential threats and take appropriate action.
  • Participate in and support the Business Impact Analysis (BIA) and Crisis Management Framework (CMF).
  • Create documentation and presentations for leadership and partners on relevant topics and issues.
  • Contribute to the development and refinement of SOC (Security Operations Center) policies, procedures, and best practices.
  • Handle additional duties as assigned by Management.

Requirements

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field or equivalent years of experience.
  • Minimum three (3) years of experience in governance, risk and compliance.
  • Demonstrated experience in enterprise risk management with solid understanding of cyber threats, vulnerabilities, probability, and impact.
  • Experience with IT GRC platforms.
  • Experience with IT governance, risk, and compliance management in a complex global environment.
  • Ability to excel in a fast-paced and constantly evolving environment.
  • Familiarity with regulatory requirements and frameworks (e.g., GDPR, COBIT, NIST).
  • Understanding of cloud security principles and technologies (e.g., AWS, Azure, Google Cloud).
  • Familiarity with ISMS and security frameworks, particularly ISO 27001/27002 and NIST RMF.
  • Strong understanding of fundamental information security concepts and technology.
  • Proficiency in written and oral communications across multiple stakeholder groups ranging from junior staff to senior leaders.
  • Strong background in process development, documentation, and continuous improvement.
  • Experience developing Standard Operating Procedures (SOPs), job aids, and hands-on training materials.

Nice-to-haves

  • CISA, CISM, ISO 27001 Lead Implementer, and ISO 27001 Lead Auditor certifications preferred but not required.
  • Experience with scripting and automation (e.g., Python, PowerShell), preferred.
  • Preferred Tooling Experience: Elastic SIEM, Swimlane/Turbine, Azure M365 including Defender, Purview and Intune, Confluence, SharePoint.

Benefits

  • Medical, dental, and vision coverage.
  • Life and AD&D insurance.
  • Short and long-term disability coverage.
  • Paid time off.
  • Employee assistance program.
  • Participation in a 401k program that includes company match.
  • Additional voluntary benefits.