GRC Cybersecurity Analyst jobs in United States

Fractional CISO · 1 month ago

GRC Cybersecurity Analyst

Fractional CISO is a unique cybersecurity consulting firm focused on providing expert cybersecurity advice to medium-sized tech firms. As a GRC Cybersecurity Analyst, you will lead internal audits, conduct risk assessments, and develop cybersecurity policies to enhance clients' security management programs.

Information Technology, Network Security

Responsibilities

Leading Internal Cybersecurity Audits to ensure our clients’ operational environments stay compliant and secure
Planning and running tabletop training exercises to help our clients’ employees practice how they will respond to a cybersecurity incident
Performing quantitative Risk Assessments for clients so they can understand where to make smart investments in their cybersecurity
Responding to security questionnaires from our clients’ customers so they can grow their businesses
Writing cybersecurity policy documents to build up our clients’ cybersecurity programs
Assisting with evidence collection to help our clients prepare for external compliance audits
Providing advice and guidance to clients on a wide range of cybersecurity topics
Project managing client accounts to keep them on track
Contributing to the service development program to improve our client deliverables

Qualification

Governance, Risk, Compliance, Cybersecurity Audits, Risk Assessments, Technical Writing, Security Compliance, Secure Software Development, Cloud Administration, Network Administration, Ethical Standards, Project Management, Communication Skills, Problem Solving, Team Collaboration

Required

2 or more years of experience as a SOC analyst, developer, incident response remediator, technical auditor, IT administrator with security responsibilities or similar technical role
A passion for solving clients' security challenges
High personal and professional ethical standards
Experience managing internal projects and initiatives
Well-developed technical writing skills

Preferred

Technical experience in Security Operations (SOC)
Technical experience in Security Compliance (SOC 2, ISO 27001, PCI-DSS, HIPAA, TX-RAMP, etc.)
Technical experience in Secure Software Development Lifecycle (S-SDLC) practices
Technical experience in System Administration (Windows, Linux)
Technical experience in Cloud Administration (AWS, Azure, Google Cloud)
Technical experience in Network or firewall administration
Knowledge of security operations tools, systems, and practices (SIEM, WAF, vulnerability scanning, penetration testing, system hardening, MFA, SSO, etc.)
Able to explain at a high level how the Internet and websites function
Familiar with core networking concepts, protocols, and common services
Understanding of encryption concepts and SSL/TLS certificates
General scripting or coding experience
Cybersecurity certifications (SSCP, CompTIA Security+, etc.)
Experience with any security frameworks (NIST CSF, CIS, COBIT, etc.)
A degree in Cybersecurity or a related field

Benefits

Performance-based bonuses

Company

Fractional CISO

Fractional CISO is the cybersecurity leadership company that provides Chief Information Security Officer (CISO) capabilities as a service.

Funding

Current Stage
Early Stage

Leadership Team

Rob Black
Founder & CEO
Company data provided by Crunchbase