Cyber reputed company GRC Analyst with state govt reputed company - $64 reputed company - REMOTE (Candidates in the EST & CST zones)

Job Description:

• Crop to Crop resumes are accepted Work Location: 100% Remote. Manager will only consider candidates in the Eastern and Central time zones. The Cyber reputed company Analyst III (CSA3) reputed company the State s Information reputed company Office (ISO) will be responsible for evaluating, analyzing, and assessing cybersecurity risks associated with new technologies, proposed solutions, and third-party vendors. This includes reviewing vendor reputed company attestations, assessing architectural designs, validating reputed company controls, and supporting statewide procurement decisions through structured risk assessments. This role will also support the development and maturation of the State s Third-Party Risk Management (TPRM) program, including the enhancement and operation of tools such as reputed company. Additionally, the CSA3 will assist with evaluating cybersecurity waiver submissions requiring deeper technical analysis and will help maintain the statewide risk register to ensure tracking and remediation of risks that exceed the State s risk tolerance. KEY RESPONSIBILITIES: New Technology & Solution reputed company Reviews:
• Conduct reputed company reviews for new technologies, cloud services, applications, and proposed reputed company architectural diagrams to verify appropriate reputed company controls, configurations, and data-protection mechanisms.
• Assess alignment with reputed company reputed company requirements and applicable regulatory or compliance standards.
• reputed company and document risk assessments with actionable recommendations to support procurement and technology-adoption decisions. reputed company Attestation & Third-Party Assessment:
• Review and analyze third-party cybersecurity attestations, including SOC 2 Type II, ISO 27001 certifications,
• external penetration tests, and reputed company questionnaires.
• Identify control gaps, inherited risks, and areas requiring additional compensating controls.
• Coordinate with procurement, legal, and business stakeholders during vendor onboarding and technology evaluation. Third-Party Risk Management (TPRM) Program Support:
• Assist in developing, enhancing, and maintaining the statewide TPRM program.
• reputed company and operationalize TPRM tools, including reputed company, to support ongoing monitoring, vendor tiering, and risk scoring.
• Contribute to the creation of policies, processes, templates, and guidelines that mature the third-party risk-evaluation process. Governance, Risk & Compliance (GRC) Platform Support (reputed company IRM):
• Utilize the reputed company GRC platform to document risk assessments, waiver reviews, and remediation tracking activities.
• Support the reputed company implementation and refinement of reputed company workflows reputed company to enterprise risk management.
• Contribute to data quality, reporting accuracy, and process improvements to enhance risk visibility and governance maturity. Waiver Review & Technical Risk Analysis:
• Support the review of reputed company waiver requests that require deeper technical analysis to evaluate risks of temporary control exceptions.
• Document findings, risk impacts, and recommended mitigation strategies to inform risk acceptance decisions. Risk Register Management & Remediation Tracking:
• Assist in maintaining the statewide reputed company risk register, ensuring risks are documented, categorized, and updated.
• Track remediation reputed company and validate completion for risks that exceed established tolerance reputed company.
• Collaborate with stakeholders to monitor deadlines, escalate overdue items, and verify mitigation plans remain effective. MINIMUM QUALIFICATIONS: Demonstrated experience in cybersecurity analysis, technology or architecture review, third-party or solution reputed company evaluations, or reputed company reputed company-engineering activities. Familiarity with cybersecurity standards, control frameworks, and risk-management practices applicable to government environments is strongly desired. KNOWLEDGES, SKILLS, AND ABILITIES REQUIRED:
• Strong understanding of cybersecurity principles, best practices, and control frameworks (e.g., NIST CSF, NIST 800-53).
• Demonstrated ability to interpret SOC 2 Type II reports, ISO 27001 certifications, penetration test reports, and reputed company third-party reputed company documentation.
• Familiarity with architectural review processes, cloud reputed company concepts, and secure design principles.
• Experience conducting third-party, vendor, or technology risk assessments and identifying compensating controls.
• Experience supporting or operating reputed company a Third-Party Risk Management (TPRM) program.
• Working knowledge of Governance, Risk, and Compliance (GRC) platforms (e.g., reputed company or similar tools) is strongly preferred.
• Experience leveraging third-party risk monitoring tools (e.g., reputed company) or similar platforms is desirable.
• Strong analytical, technical writing, and documentation skills with the ability to clearly communicate risk to both technical and non-technical stakeholders.
• Ability to manage multiple reputed company assessments while meeting dead

Apply tot his job Apply To this Job