About the job GRC Analyst

Position Summary

Our client is the premier sports entertainment organization based in the DFW area. We are looking for a Governance, Risk and Compliance (GRC) Security Analyst to join our cybersecurity team. Our cybersecurity team focuses on managing cybersecurity functions across the organization, working to ensure the protection of our critical assets and data. As a GRC security analyst, you will be a valued member of a fast-paced, innovative, and collaborative cybersecurity team.

The GRC security analyst position is responsible for enabling the organization to comply with industry and regulatory requirements and standards for cybersecurity. As a GRC analyst, you will play a vital role in ensuring the confidentiality, integrity, and availability of our organization's information assets. You will be responsible for identifying, assessing, and managing information security risks, as well as implementing and maintaining governance frameworks to support the organization's cybersecurity objectives. The GRC security analyst is expected to support and maintain the cyber risk management strategy for the organization.

Working with security leadership, the GRC security analyst will routinely assess and validate the assurance of the security program. As a primary point of contact for internal and external auditors, the GRC security analyst will monitor progress and support resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the security team, the GRC security analyst will focus on strong risk management and corporate resiliency.

Essential Job Duties

Conduct enterprise-wide, ongoing risk analysis in coordination with compliance and security.

Maintain oversight in a GRC-related platform.

Identify and address weaknesses in the security program as they relate to privacy, cyber risk, business resiliency and compliance frameworks.

Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.

Support oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.

Analyze and document findings, and recommend and report program gaps to security leadership.

Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices and procedures.

Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.

Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes.

Attend and fully engage in change and project management meetings.

Liaise with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.

Develop and implement risk mitigation strategies and controls to address identified risks and ensure compliance with security standards and regulations.

Establish and maintain information security governance frameworks, policies, and procedures to guide the organization in managing and protecting sensitive information.

Act as a point of contact for disaster recovery and business continuity as it relates to security frameworks, compliance and privacy laws.

Perform other duties as assigned.

Skills and Experience

7+ years of experience in cybersecurity, with extensive expertise in Governance, Risk, and Compliance (GRC) and deep knowledge of risk management principles.

Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.

Experience with and understanding of various cybersecurity standards, including but not limited to ISO 27001 and NIST.

Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.

Ability to work independently and collaboratively in a fast-paced environment.

Attention to detail and a strong commitment to maintaining the confidentiality and integrity of information assets.

Additional Qualifications

Prior experience with leading GRC systems from vendors such as RSA, MetricStream and Riskonnect.

Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.

Self-motivated, directed and well-organized, with the vision to position controls in anticipation of threats.

Successful track record of managing external entities' contracts and relationships, and mitigating risks to business development opportunities.

Familiarity with state, federal and international privacy laws.

Education Requirements

Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent industry experience.

Certification Requirements

Holds or is working toward one or more of the following: CISSP, CRISC, CGEIT or GRCP.