Security GRC Specialist II

Hybrid 3 days onsite and 2 days remote - Austin, TX

Looking for a candidate with 5 years security. You either came up through audit or technical security but has a very good understand the frameworks ISO 27001 NIST SOC. You will do GRC across the enterprise infrastructure applications etc. also do third party GRC must have great soft skills technical writing skills any certifications a plus

The Security GRC Specialist II serves on the Governance, Risk Compliance (GRC) team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management.

Qualifications & Requirements

• Bachelor's degree or five (5) years of work experience in IT Security is required.
• Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required
• Prior IT Security experience in the legal industry experience is preferred.
• Technical writing experience is required.
• Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred.
• Three or more years of experience managing timelines and being self-directed preferred.
• Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred.
• Client focus, including tact and diplomacy is required.
• Interview, gather, and understand content from subject-matter experts
• Maintain accurate records and manage client security and risk requests
• Ability to perform as primary Security Subject Matter Expert (SME).
• Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls.
• Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents.
• Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users.
• Strong analytical ability with excellent written and verbal communication skills required
• Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required
• Ability to work independently and as a group member is required
• SharePoint administration is preferred for team Intranet site management

Technologies/Software

• Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options.
• Strong knowledge of risk management principles and practices.
• Strong knowledge of security administration and role-based security controls.
• Strong knowledge and use of GRC platforms.
• Knowledge of host and network-based anti-malware technologies.
• Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote.
• Knowledge of client and server Firewalling technologies and capabilities.
• Knowledge of security event management (SIEM), event correlation and analysis technologies.
• Knowledge of data encryption technologies.
• Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
• Knowledge of web filtering and email SPAM prevention techniques.
• Knowledge of vulnerability assessment and forensic investigations tools.
• Knowledge of mobile device security and Mobile Device Management solutions.
• Knowledge of Privileged Access Management technologies.