Security Analyst

JOB DESCRIPTION

Insight Global is looking for an experienced Cybersecurity specialist to serve as Security Analyst – Cybersecurity GRC for one of our major retail clients. This role will work collaboratively with the Cybersecurity GRC team to expand and enhance the maturity of our risk due diligence program to protect the confidentiality, integrity and availability of our technology assets and data and support our global growth initiatives. A day in the life: As the Security Analyst – Cybersecurity GRC, you will work with the team to facilitate and coordinate the internal risk due diligence program, which is a cross-functional, formal review process that identifies and mitigates potential security risk associated with data and technology engagements. This role will support the Risk Due Diligence Program Manager with the tactical execution requirements through the following core responsibilities: • Facilitate and perform Security Risk Assessments for all new technology projects or changes in existing technology implementations • Identify potential risks, threats, vulnerabilities, or security gaps through security risk assessments and communicate specific security requirements and/or risk mitigation strategies to the business/technology stakeholders • Document, communicate, and track action items from security reviews to ensure they have been actioned to closure • Collaborate with the Risk Due Diligence and Technology Risk Management teams to define and implement a process to evaluate that projects ‘as built’ meet the security requirements identified and communicated through the security review process • Work with multiple cybersecurity teams to define and implement standard implementation security requirements checklists for low risk, repetitive types of projects and initiatives • Review and assess intake requests for AI tools and technologies to ensure security and data risks are identified, documented, and mitigated • Support the Risk Due Diligence team with ongoing ServiceNow ticket intakes, prioritization of reviews, and management of open backlog items • Be an ambassador for the governance, risk and compliance security practice throughout the organization

REQUIRED SKILLS AND EXPERIENCE

• 3+ years experience in a cybersecurity function, preferably in a GRC, security engineering, or security architecture role

• Bachelor’s degree with focus on information technology, cybersecurity or technology audit preferred

• Experience with cybersecurity risk and compliance frameworks and practices (e.g. NIST-CSF, NIST-AI RMF, COBIT, ISO27001, Data Privacy regulations and frameworks)

• Expertise in cybersecurity risk and security management practices and processes, particularly in technology domains such as infrastructure and operations, application development, cloud computing • Understanding of emerging AI/LLM technologies and related security risks

• Experience and passion for technical security risk identification and mitigation

• Ability to interact effectively with technical security stakeholders as well as non-technical business stakeholders to communicate and inform concepts pertaining to security risk

• Familiarity with ServiceNow GRC/IRM systems

NICE TO HAVE SKILLS AND EXPERIENCE

• Professional certification such as CISA, CISSP, CRISC, Security+, CDPSE is a plus