{"id":914,"date":"2025-12-25T05:50:36","date_gmt":"2025-12-25T05:50:36","guid":{"rendered":"https:\/\/skillbasedmatching.com\/jobs\/?post_type=jobpost&#038;p=914"},"modified":"2025-12-25T05:50:39","modified_gmt":"2025-12-25T05:50:39","slug":"cyber-risk-controls-analyst-infosec-grc","status":"publish","type":"jobpost","link":"https:\/\/skillbasedmatching.com\/jobs\/current-jobs\/cyber-risk-controls-analyst-infosec-grc\/","title":{"rendered":"Cyber Risk &#038; Controls Analyst \u2013 INFOSEC GRC"},"content":{"rendered":"\n<p>\u200bThis is a <strong>100% Remote<\/strong> position (listed with a Raleigh, NC headquarters) within the Information Security Governance, Risk, and Compliance (GRC) department. The role is focused on the formal identification and evaluation of cybersecurity risks, specifically through <strong>Risk and Control Self-Assessments (RCSAs)<\/strong>. You will act as a critical bridge between technical security teams and enterprise risk standards, ensuring that all security exceptions and process-level risks are documented, rated, and remediated according to regulatory and industry frameworks.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u200b<strong>Requisition ID:<\/strong> 32036<\/li>\n\n\n\n<li>\u200b<strong>Location:<\/strong> Remote (US)<\/li>\n\n\n\n<li>\u200b<strong>Schedule:<\/strong> Monday \u2013 Friday<\/li>\n\n\n\n<li>\u200b<strong>Core Frameworks:<\/strong> NIST CSF and NIST SP 800-53.<\/li>\n\n\n\n<li>\u200b<strong>Key Systems:<\/strong> Enterprise Risk System of Record (GRC Tooling).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">\u200bKey Responsibilities: Risk Assessment and Control Governance<\/h2>\n\n\n\n<p>\u200bThis role ensures that the organization\u2019s &#8220;cyber posture&#8221; is accurately measured and that gaps are identified before they can be exploited.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u200bRCSA and Exception Management<\/h3>\n\n\n\n<p>\u200bYou will lead <strong>cybersecurity process-level RCSAs<\/strong> in partnership with business function owners. This involves analyzing both <strong>inherent risk<\/strong> (the risk level without controls) and <strong>residual risk<\/strong> (the risk remaining after controls are applied). You will also manage the lifecycle of <strong>Information Security Standard Exceptions<\/strong>, assessing the risks of non-compliance and reporting these aggregations to leadership.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u200bControl Design and Effectiveness<\/h3>\n\n\n\n<p>\u200bA major part of your work involves drafting and refining control statements to ensure they are clear, actionable, and effective. You will review existing controls for <strong>design effectiveness<\/strong>, identifying where gaps or inconsistencies exist. You are responsible for updating the system of record with current risk ratings and control environment scores on a regular cadence to maintain an accurate risk profile.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u200bCompliance and Remediation Planning<\/h3>\n\n\n\n<p>\u200bYou will evaluate security controls against <strong>Enterprise Policies<\/strong>, regulatory requirements (common in financial institutions), and frameworks like <strong>NIST 800-53<\/strong>. When gaps are found, you will support remediation planning by documenting improvement recommendations and defining the &#8220;target-state&#8221; for enhanced controls.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u200bRequired Qualifications and Skills<\/h2>\n\n\n\n<p>\u200bThe ideal candidate has a strong background in structured risk taxonomies and the ability to communicate complex risks to both technical and business stakeholders.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u200b<strong>Experience:<\/strong> 6 years in cybersecurity\/risk management with a Bachelor\u2019s degree (or 10 years with a HS Diploma\/GED).<\/li>\n\n\n\n<li>\u200b<strong>Technical Knowledge:<\/strong> Proven experience performing <strong>RCSAs<\/strong> and a working knowledge of <strong>NIST CSF<\/strong> and <strong>NIST 800-53<\/strong>.<\/li>\n\n\n\n<li>\u200b<strong>Communication:<\/strong> Ability to write clear, professional risk and control descriptions and assessment findings.<\/li>\n\n\n\n<li>\u200b<strong>Analytical Skills:<\/strong> Strong attention to detail, specifically in mapping technical controls to broad regulatory requirements.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u200bPreferred Qualifications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u200b<strong>Industry Context:<\/strong> Experience within <strong>large financial institutions<\/strong> or highly regulated environments.<\/li>\n\n\n\n<li>\u200b<strong>Certifications:<\/strong> CISA, CRISC, CISM, CISSP, or Security+.<\/li>\n\n\n\n<li>\u200b<strong>Strategic Thinking:<\/strong> Background in <strong>control rationalization<\/strong> (simplifying redundant controls) and evidence evaluation.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">\u200bSummary of Role Impact<\/h2>\n\n\n\n<p>\u200bIn a large-scale enterprise, especially within the financial sector, &#8220;compliance is not security,&#8221; but security cannot be proven without compliance. In this role, your analysis ensures that the organization understands its true risk exposure. By maintaining a rigorous RCSA process and managing security exceptions, you prevent &#8220;shadow IT&#8221; risks from going unnoticed and ensure that remediation efforts are prioritized based on actual business impact.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u200bThis is a 100% Remote position (listed with a Raleigh, NC headquarters) within the Information Security Governance, Risk, and Compliance (GRC) department. The role is focused on the formal identification and evaluation of cybersecurity risks, specifically through Risk and Control Self-Assessments (RCSAs). You will act as a critical bridge between technical security teams and enterprise [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"menu_order":0,"template":"","jobpost_category":[43],"jobpost_job_type":[39],"jobpost_location":[1041],"jobpost_tag":[4143,4141,23,1936,1231,1619,4142,81,587],"class_list":["post-914","jobpost","type-jobpost","status-publish","hentry","jobpost_category-it","jobpost_job_type-remote","jobpost_location-united-states","jobpost_tag-control-testing","jobpost_tag-cyber-risk-analyst","jobpost_tag-financial-services","jobpost_tag-grc","jobpost_tag-nist-800-53","jobpost_tag-nist-csf","jobpost_tag-rcsa","jobpost_tag-remote","jobpost_tag-risk-management"],"_links":{"self":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost\/914","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost"}],"about":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/types\/jobpost"}],"author":[{"embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/users\/1"}],"wp:attachment":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/media?parent=914"}],"wp:term":[{"taxonomy":"jobpost_category","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_category?post=914"},{"taxonomy":"jobpost_job_type","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_job_type?post=914"},{"taxonomy":"jobpost_location","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_location?post=914"},{"taxonomy":"jobpost_tag","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_tag?post=914"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}