SANS ISC: InfoSec Jobs

Governance, Risk, and Compliance (GRC) Auditor
Company: Sierra-Cedar, LLC
Location: Southeast USA
Preferred GIAC Certifications: GIAC Information Security Fundamentals (GISF) (minimum)
Travel: 10%
Salary: DOE
Contact Name: Tricia Campbell
Contact Email: tricia.campbell/at/
Expires: 2021-04-15

Job Description

The Governance, Risk, and Compliance (GRC) Auditor is responsible for monitoring and measuring the effectiveness of Sierra-Cedar’s security controls. The GRC Auditor will assist with Sierra-Cedar’s vulnerability management program, internal and external audit processes, employee information security training and awareness campaigns, and security metrics design and implementation. The GRC Auditor will be responsible for understanding, developing, and tracking the implementation and maintenance of the security standards required by the company’s client contracts.
The candidate may live anywhere in the Southeast US region, with the ability to travel to the Alpharetta, GA office as needed.

• Ability to multitask, self-manage time and commitments, and understand complex technical problems.
• Communication and people skills to be able to work with other teams.
• Be familiar with common information security policies, standards, and audit frameworks.
• Understand the different types of vulnerabilities, the criticality of vulnerabilities, and how vulnerabilities are addressed.
• Have a working knowledge of risk transfer, risk acceptance, and risk mitigation strategies as they apply to an enterprise computing environment.
• Must have strong project management skills.
• Convey technical concepts to managers and employees effectively.
• Develop, evaluate, and implement technical systems.
• Develop strategic road maps and communicate them effectively.
• Differentiate between strategic and tactical approaches.
• Familiarity with industry standards and state, federal, and international legislation such as PCI DSS, SOX, HIPAA, 201 CMR 17.00 (Massachusetts), US-EU Privacy Shield, GDPR, CCPA, FERPA, etc.

• Assess the results of security metrics and make recommendations based on the data results.
• Develop and implement automated processes where possible to increase efficiency and accuracy.
• Perform auditing and compliance activities to ensure that established policy is being followed.
• Stay up to date on, and research, industry trends in vulnerability management.
• Assist in developing strategic direction for information security and compliance initiatives within the traditional datacenter and AWS.
• Work with other business units to implement cohesive security procedures.
• Review and advise business units of the security risks to new or changed computing architectures.
• Work with Technical Sales on RFP responses and Security questionnaires related to the client’s security requirements.
• Work with Sierra-Cedar’s clients on their security initiatives as they relate to the applications hosted by Sierra-Cedar.
• Work with the Director of Corporate Security on the yearly business plan to increase security compliance.
• Develop and maintain quarterly key performance indicators (KPIs) for Sierra-Cedar’s security compliance.
• Assist with the bi-annual SSAE 18 audits.
• Assist with the coordination of yearly penetration tests.
• Assist with the management and creation of policies for Sierra-Cedar’s Data Loss Prevention solution.
• Assist with the management of employee training and phishing exercises.
• Educate staff to increase awareness of security policies and best practices.
• Review upcoming legislation which may affect Sierra-Cedar’s delivery of its services.
• Recommend appropriate mitigation and compliance steps as required by legislation.

• Must be able to manage projects, resources, and time effectively.
• Strong ability to carry out assigned administrative tasks with limited oversight.
• Ability to think “outside the box” when developing solutions.
• Speak clearly and persuasively in positive or negative situations. Listen and seek clarification. Respond well to questions and participate in meetings.
• Look for ways to improve and promote quality. Demonstrate accuracy and thoroughness.
• Ability to follow policies and procedures. Complete administrative tasks correctly and on time.
• Display willingness to make decisions. Exhibit sound and accurate judgment. Support and explain the reasoning for decisions.
• Demonstrate leadership and foster a collaborative team approach; interact well with front-line staff and management, providing consultation and expert advice on systems-related topics.
• Ability to communicate effectively with other employees, from executives to co-workers, within and across teams.
• Ability to document and present information clearly and concisely to cross-operational teams and executive management.
• Perform short-term and long-term strategic planning of the organization’s technology and solutions.
• Develop and/or adjust processes to evolve with business needs and demand.
• Attend vendor technology briefings to understand potential uses of new technologies.
• Participate in new technology implementation projects in an Advisor capacity.

• Must have 3+ years of experience in a governance, risk, or compliance role at the enterprise level.
• Must have experience using or governing AWS services.
• Experience operating in a datacenter, service provider, or similar high availability environment.
• Experience in a mathematics, statistics, or business intelligence role is a plus.
• Experience performing searches and developing dashboards in Splunk is required.
• Experience developing executive-level dashboards and visuals that quickly and easily convey key information.
• Experience using and generating output from Tenable Security Center or similar vulnerability scanners.
• At least one information security certification from a certification body such as ISACA, GIAC, or ISC2.
• Industry affiliations such as ISSA, DSCI, InfraGard, GIAC, etc. are preferred.
• Bachelor's degree required.

Sierra-Cedar delivers industry-focused client success by providing consulting, technical, and managed services for the deployment, management, and optimization of next-generation applications and technology. We offer a competitive benefits package including 401(k), Health, Disability, and Life. Sierra-Cedar is an Equal Opportunity Employer.