Grc Analyst

RESPONSIBILITIES

General Job Requirements:

• Participates in a global security risk assessment program.
• Prepare and provide regular GRC Reports and Metrics (Weekly, Monthly, Quarterly, Yearly,

Ad Hoc, etc.) to the Head Cybersecurity Specialist and CISO.

• Conduct Cybersecurity Risk Management, including Risk Assessments of the client

Information assets and services, and work with the Risk Owners to mitigate the Risks

through appropriate Cybersecurity Controls.

• Conduct Cybersecurity Risk Management, including Risk Assessments of the client

Information assets and services, and work with the Risk Owners to mitigate the Risks

through appropriate Cybersecurity Controls.

• Develop, maintain and regularly update a Cybersecurity Risk Register and contribute

towards Cybersecurity improvements.

• Perform Compliance Management for the client Policies, Procedures, applicable

Regulations as well as Standards and Audit recommendations.

Policies, Regulatory and Compliance

• Works with Internal Audit, Stakeholders, General Counsel and outside consultants as

appropriate on required security assessments and audits

• Assists in executing strategy for dealing with increasing number of audits, compliance

checks and external assessment processes for internal/external auditors, PCI DSS, ISO,

HIPAA, HITRUST, and NIST 800-171

• Routinely completes privacy gap analysis of current laws and regulations and ensures

organizations compliance therewith.

• Coordinates and tracks all information technology and security related audits including

scope of audits, timelines, auditing agencies and outcomes.

• Interact with Third-Party Suppliers / Vendors / Contractors / Consultants and ensure

GRC projects are completed on time and within budget and desired quality.

• Provides guidance, evaluation and advocacy on audit responses.

PREFERRED SKILLS/EXPERIENCE:

• Bachelors degree in Information Systems, Cybersecurity, or a related field preferred.
• Certifications that are strongly preferred (not required): CISA, CISSP, CISM and/or other

security certifications

• Experience in security governance, security compliance or risk management preferred.
• Experience in designing and implementing security standards and best practices.
• Experience in PCI DSS, ISO 27001, SOC2 audits is preferred.
• Experience developing and/or analyzing security policy.
• Hands-on experience in establishing and maturing an organization's Security Program.

PROFESSIONAL SKILLS:

• Great problem-solving skills.
• Excellent collaboration skills – must be eager to work as part of a cohesive team and work

as a partner to other teams within Aristocrat, Inc., locally and globally.

• Exceptional communication skills, including the ability to gather relevant data and

information, connect through listening, dialogue freely, and verbalize ideas effectively.

• Proven presentation and facilitation skills.