WHO WE ARE:
As the founding entity of RAINBOW PARTNERS, Quanteam is a consulting firm specializing in Banking, Finance, and Financial Services. Guided by our core values of closeness, teamwork, diversity, and excellence, our team of 1,000 expert consultants, representing 35 different nationalities, collaborates across 10 international offices: Paris, Lyon, New York, Montreal, London, Brussels, Geneva, Lisbon, Porto and Casablanca.
We are looking for a Security GRC Analyst (Intermediate) to work with one of our clients in the financial services sector.
CONTEXT AND ROLE OBJECTIVES:
- Managing the Americas cyber regulatory compliance program by assessing requirements, collecting supporting evidence, and maintaining documentation
- Monitoring regulatory, privacy, and cybersecurity best practice changes; applying GRC expertise across products, practices, and procedures
- Collaborating with Audit, Cyber Risk, Legal, Compliance, IT, Risk Management, and business teams to align GRC with business objectives
KEY RESPONSIBILITIES:
- Manage Americas cyber regulatory compliance program by assessing requirements, collecting supporting evidence, and maintaining documentation
- Monitor regulatory, privacy, and cybersecurity best practice changes; apply GRC expertise across products, practices, and procedures
- Liaise with internal and external auditors to implement and maintain controls for compliance and privacy laws
- Manage cybersecurity examinations from 2LoD, 3LoD (internal audit), and external audits
- Track and manage findings and recommendations from audits and examinations
- Collect and automate DFS500 metrics and reporting to demonstrate risk reduction
- Improve and industrialize operating models (evidence collection, reporting, documentation, and repeatable processes)
- Challenge and enhance current practices related to regulatory exams, findings management, reporting, and control assessment
- Perform security risk assessments using industry frameworks (NIST CSF, ISO 27001, CRI Profile, etc.) to identify residual risks and gaps
- Conduct periodic reviews of security controls, evaluating design, coverage, and effectiveness
- Identify control weaknesses and support remediation planning
- Ensure compliance with regulatory, client, and internal cybersecurity requirements
- Automate and streamline GRC framework processes
- Collaborate with Audit, Cyber Risk, Legal, Compliance, IT, Risk Management, and business teams to align GRC with business objectives
- Contribute to reporting frameworks, delivering metrics and insights on security posture
- Analyze trends in security events and activities to identify risks and gaps
PROFILE:
Mandatory requirements
- Minimum 5 years of experience in Security GRC, IT Risk, Cyber Risk, IT Audit, or Regulatory Compliance
- Strong knowledge of security frameworks (NIST CSF, ISO 27001, COBIT, CRI Profile, etc.)
- Solid understanding of security domains: application security, infrastructure security, vulnerability management, IAM, data protection, incident management, third-party risk, cloud security
- Experience managing audits, regulatory examinations, and compliance programs
- Strong analytical, problem-solving, communication, and documentation skills
- Bachelor’s degree in Computer Science, Cybersecurity, or equivalent experience
- Proficiency with MS Office and project management methodologies
Nice to have
- Experience with GRC tools (preferably RSA Archer)
- Professional certifications (CISSP, CISM, CISA, CRISC, CCSP, Security+, CCSK, GSEC, etc.)
Language
Ability to communicate in English, both orally and in writing, is a requirement as the person in this position will need to collaborate regularly with colleagues and partners in the United States.
- Hybrid setup: 4 days a week in the office is mandatory.