NRECA · 14 hours ago

Sr Analyst GRC Cybersecurity

NRECA is a unique national trade association providing advocacy, financial services and business support services to over 900 consumer owned electric cooperatives across the country. This position leads key functions within Cybersecurity Governance, Risk, and Compliance, focusing on cybersecurity risk identification, assessment, prioritization, and lifecycle governance while advising stakeholders on mitigation strategies.
Industries: Communities, Electronics, Energy

Responsibilities

Advises IT and business units by leading activities to identify, assess, and prioritize cybersecurity risks, ensuring alignment with legal, regulatory, contractual, policy, and standard requirements
Partners with risk and control owners to develop, implement, and maintain risk registers and metrics; governs and reports on risks and mitigations throughout the lifecycle; maintains risk management policies, standards, and the assessment plan
Manages compliance and issue management activities, coordinating with regulators and auditors to track and remediate issues. Tests controls for design and effectiveness and partners with owners to implement remediation, reporting on findings and status
Analyzes findings to identify vulnerabilities and opportunities to strengthen controls, governance, and mitigation. Proactively advises leaders on improvements and ensures proper prioritization and escalation of risks
Performs cybersecurity risk governance, ensuring activities follow the governance framework and reporting on conformance
Facilitates monthly security risk meetings to report activities, metrics, risks, and improvement opportunities
Optimizes the risk governance framework based on best practices and guides IT and business stakeholders in implementing governance requirements
Leads development of third-party risk management policies and standards and advises on the annual assessment plan; works closely with stakeholders on third-party assessments and risk management
Defines risk and control requirements for systems, data, and technology across cloud, on-premises, and third-party environments; assesses system designs for risks and cybersecurity noncompliance
Maintains and continually develops expertise in GRC trends, technologies, and evolving methods to ensure organizational alignment with current practices

Qualifications

Skills: Cybersecurity Risk Management, Information Security Frameworks, GRC Tools, AWS, Azure, M365, Risk Assessments, Compliance Automation, CISSP, CRISC, CISA, CISM, Soft Skills

Required

Bachelor's in Computer Science, Management Information Systems, Information Security, or related field
7+ years of experience in IT and information security risk management, compliance, audit, and governance
7+ years of experience leading and conducting information security risk assessments, control audits, and third-party security risk assessments
Strong technical knowledge of IT and information security technologies, including AWS, Azure, and M365
Experience with information security frameworks, standards, and best practices such as NIST CSF, NIST RMF, NIST 800-30, NIST 800-53, NIST 800-171, HIPAA, SOC2, CIS, ISO 27001/27002, and COBIT
Experience with GRC tools, reports and dashboards development, and compliance automation
Ability to report to the office

Preferred

Technical knowledge pertaining to security hardening of OS, applications and networks
Experience reviewing system or network designs for risk and compliance that encompass multiple enclaves/networks, including those with different data protection or classification
Conducted third-party security assessments, reviewing contracts for security requirements and inserting risk management practices into existing processes
Led the implementation of technical security controls across all phases of the SDLC, ensuring alignment with security architecture standards and compliance requirements
Preferred certifications: Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM)

Company

NRECA

NRECA is the national organization dedicated to representing the interests of electric cooperatives and the consumers they serve.

Funding

Current Stage
Late Stage
Total Funding
$15M
Key Investors
US Department of Energy
2022-11-01 · Grant · $15M

Leadership Team

Jim Matheson, CEO
Jeffrey Connor, Chief Operating Officer
Company data provided by crunchbase