Information Security - GRC Analyst

  • Bose
  • Stow, OH, USA
  • Nov 09, 2020
[Information Technology]

Job Description

The Information Security Specialist GRC participates in a wide range of Information Security Control assessments from a wide range of regulatory and industry control frameworks. They assess and quantify information security risk, assist and advise business partners on managing risk, and prepare reports for executives that describe risk. They also manage the ongoing operational work associated with the Bose Information Security Awareness Program, the ISRA Process, and the PIA and DSR privacy processes.

Specific tasks include:
  • PCI-DSS assessments
  • GDPR Security Control assessments
  • SWIFT Security Control assessments
  • DFARS Security Control assessments
  • DoHS Security Control assessments
  • Partner Request Security Control assessments (GM, Audi, etc.)
  • Authoring Information Security Specifications
  • Penetration Testing coordination

The ideal candidate will have:
  • An understanding of the fundamentals of Information Security with respect to Confidentiality, Integrity and Availability
  • An understanding of Cyber Security operations and how this relates to Information Security
  • An understanding of Risk and Risk Analysis as it pertains to Information Security
  • Good written and verbal communication skills
  • An organized, quality-focused and efficient approach to work

Competencies:
  • A minimum of 3 years of either Information Security or Cyber Security experience
  • Experience conducting Information Security assessments
  • Experience working with formal control frameworks such as those published by NIST, ISO or PCI-DSS

Responsibilities:
  • Conduct and/or participate in Information Security Control assessments
  • Author Information Security Specifications
  • Support the Operations associated with the GIS Information Security Awareness Program
  • Author or update GRC Operational Procedures associated with Information Security Assessments
  • Support GIS GRC Privacy assessment responsibilities
  • Implement risk management processes associated with project or control implementations
  • Participate in GRC projects associated with Cyber Security controls or Cyber Security Operations

Bose is an equal opportunity employer that is committed to inclusion and diversity. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status, or any other legally protected characteristics. For additional information, please review: (1) the EEO is the Law Poster (); and (2) its Supplements (). Please note, the company's pay transparency is available at .

Bose is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the application or employment process, please send an e-mail to and let us know the nature of your request and your contact information.
