Company: BizTech Staffing
Location: Dallas
Closing Date: 02/11/2024
Hours: Full Time
Type: Permanent
Job Requirements / Description
Summary of Responsibilities:
The Senior Analyst for Cybersecurity Policy and Standards Management will play a key role in developing, maintaining, and overseeing cybersecurity policies, standards, and procedures within the organization. This position requires close collaboration with business, IT, and security teams to ensure that all documentation related to cybersecurity controls and processes is current, comprehensive, and aligned with organizational goals. The role involves managing both new and existing documents through a rigorous process of development, review, and approval.
Key Responsibilities:
- Conduct thorough reviews of existing cybersecurity documentation to identify and prioritize updates.
- Develop new security policies, standards, and responsibility frameworks that clearly outline the organization’s security protocols.
- Leverage and improve the use of the Enterprise Policy Management tool (OneTrust) to streamline IT policy and standard management.
- Manage the attestation process for policies and standards, ensuring that all stakeholders acknowledge and comply with documented requirements.
- Facilitate policy and standards development or revisions through collaboration with subject matter experts (SMEs) and secure leadership approval.
- Create and implement questionnaires to evaluate compliance with existing cybersecurity policies, identify gaps, and document these in the Cybersecurity Risk Register.
- Oversee the policy/standards exception process, ensuring proper documentation and approval.
Qualifications:
- Bachelor's degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering, or a related field.
- Minimum of 5 years of experience in Information Technology or Information Security.
- At least 3 years of experience in drafting security policies, standards, and procedures.
- Preferred certifications: CISSP, CISA, CISM, CGEIT, CRISC (candidates with any of these certifications will be given preference).
Technical Skills:
- Proficiency with GRC tools, specifically OneTrust.
- Strong understanding of Identity and Access Management & Governance, including technologies like Microfocus NetIQ, Active Directory, Centrify, Entra.
- Experience with IT asset management using ServiceNow or similar Configuration Management Databases (CMDB) and network asset discovery tools.
- Familiarity with control frameworks and standards such as NIST CSF, NIST RMF, PCI-DSS, SOX, GDPR, CCPA, CIS Controls, ISO/IEC 27001.
- Working knowledge of operating systems, databases, and middleware components.
- Experience in conducting compliance and risk assessments.
- Proficiency in Office 365 tools (Word, Excel, SharePoint, Entra, OneDrive, Teams, PowerPoint).
- Ability to manage IT and security projects effectively.
Key Competencies:
- Self-driven and results-oriented, with strong prioritization skills to manage competing demands.
- Outstanding organizational abilities, capable of handling multiple tasks and leading projects.
- Excellent verbal and written communication skills.
- Strong interpersonal skills to build consensus, collaborate effectively, and establish solid relationships with internal and external stakeholders across business, development, and security teams.
- Adaptability to apply knowledge to new technologies and evolving scenarios.