Information Security Governance, Risk and Compliance Analyst

Green Thumb Industries
United States, Illinois, Chicago
325 West Huron Street
Jan 15, 2026
The Role

We're looking for an Information Security Governance, Risk & Compliance Analyst to join our growing Information Security team. This role will be reporting to the Manager of Information Security Governance, Risk & Compliance. Our security team works to create a strong Information Security function within GTI that enables the business to continue its tremendous growth. The Information Security Governance, Risk & Compliance Analyst is responsible for maintaining continuous compliance with security policies, industry laws, and regulations (HIPAA, SOX, NIST, etc.). The candidate must communicate effectively with business partners and team members to help raise the level of security awareness, security compliance, and security risk. The candidate will perform environment-specific risk assessments factoring in both qualitative and quantitative risks and assist with the deployment of various controls based on those assessments. This role will also involve ongoing monitoring and improvement of security governance, ensuring a proactive approach to risk management.

The role is based out of our Chicago office. While the role is primarily remote, you need to live in the Chicagoland area and commute to the office on an as-needed basis.


Responsibilities

  • Own the relationship working with IT and business stakeholders to perform ongoing internal and vendor risk assessments, providing reporting to stakeholders, and ensuring appropriate action is taken.


  • Update and track KPIs from the Information Security risk register and work with stakeholders on developing Corrective Action Plans to address risks.


  • Provide guidance to newer staff working with internal IT stakeholders for vulnerability management, ensuring vulnerabilities are remediated in accordance with policy and SLAs.


  • Own the process for working with IT and business stakeholders to perform ongoing compliance reviews in line with security policies, information security regulations (HIPAA, SOX/ITGC), and security frameworks (NIST, MITRE, etc.).


  • Assist with ongoing internal operations and tasks, including ITGC security reviews.


  • Spearhead the ongoing internal and external SOX and HIPAA audits and other security audits that are relevant to GTI's business.


  • Provide updates and insight during the development and maintenance of Information Security policies, standards and procedures, aligning with NIST.


  • Lead the identification of security training and awareness initiatives for the organization.


  • Participate in incident response tabletops, business continuity tests, and other compliance activities and exercises.


  • Maintain KPIs and KRIs for Information Security risk & compliance activities.


  • Execute tasks as a member of the Information Security team as assigned by management.


  • Provide mentorship and guidance to Associate Information Security GRC Analysts.


  • Stay up to date on relevant laws and regulations to ensure continuous compliance and audit readiness.


  • Collaborate with the IT and security teams in response to security incidents, ensuring proper documentation and reporting.


Qualifications

  • 3+ years of experience with responsibilities relating to security and compliance.


  • Bachelor's degree or higher in Information Security or Information Technology may help you stand out but is not required. Demonstrated work experience can be substituted.


  • Strong written and oral communication skills.


  • Strong conceptual understanding of Information Security theories.


  • Knowledge of network, application, and cloud security controls.


  • Knowledge of regulatory frameworks and compliance standards such as NIST, MITRE, OWASP, HIPAA, PCI-DSS and SOX.


  • Strong analytical and problem-solving skills with well-organized and structured work habits, and the ability to identify and mitigate risks.


  • Security certifications, such as CRISC or CISA, are preferred but not required.


  • We're doing some big things, and we'll find some roadblocks along the way, big and small. A big part of this role is keeping an even keel and finding the route through or around the obstacles.


  • This role requires lots of communication with customers and everyone at GTI. Your colleagues will rely on your ability to translate security requirements into digestible bits of information for them. Customers will expect you to quickly articulate components of the GTI security program to help them assess risk, including as part of the business development process.


  • An insatiable intellectual curiosity and the ability to learn quickly in a complex space.



Additional Requirements

  • Must pass any and all required background checks
  • Must be and remain compliant with all legal or company regulations for working in the industry
  • Must be a minimum of 21 years of age




The pay range is competitive and based on experience, qualifications, and/or location of the role. Positions may be eligible for a discretionary annual incentive program driven by organization and individual performance.

Green Thumb Pay Range
$80,000 - $100,000 USD