Cyber GRC Analyst

About the position The Governance, Risk and Compliance (GRC) Analyst will have a good understanding of security and privacy principles as well as a sound understanding of regulatory and compliance requirements affecting a US business. As a GRC analyst your roles will support and maintain the Realtor.com Cyber GRC Program along with the BISO and central GRC function, including the development, implementation and maintenance of cyber security policies, standards, guidelines and processes to ensure compliance is maintained and risk is managed.

Responsibilities

• Work with key internal and external stakeholders to ensure compliance with PCI DSS, Privacy and GDPR compliance requirements, audits and assessments.
• Assist in the risk assessment process and report on enterprise-wide and third-party security controls
• Support in the implementation of key security initiatives across the organisation
• Support management of audits, external assessments and assurance processes including, but not limited to PCI DSS and NIST CSF
• Develop and manage meaningful metrics to measure and track cyber risks and the effectiveness of the governance, risk and compliance function
• Conduct compliance readiness assessments and assurance activities against policies, standards requirements
• Track technology and cyber related audit findings and actions
• Assist with the development of measurable cyber security standards that align with policy control objectives
• Support user and specialist user education and awareness exercises for employees
• Assist in the development of effective measurement and simplified reporting of cyber security risks within the business
• Assist with third party security assessments against industry standards as well as News UK control standards
• Assist in maintaining the cyber security risk register

Requirements

• 3+ years’ experience within Cyber Security or related fields
• Demonstrated experience in governance, risk and compliance in dynamic and complex cyber security, technology and business environment
• Strong knowledge and experience with Industry Frameworks and Standards such as NIST CSF, PCI DSS and ISO 27001
• Good working knowledge of Cloud infrastructure, especially AWS
• Strong oral and written communication skills
• Qualification in Information Security, Computer Science, Engineering or similar

Nice-to-haves

• Previous experience working in a SOX compliance environment is desirable
• Professional security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or similar preferred

Benefits

• comprehensive and competitive benefits package covering health, retirement, wellbeing, and more, along with optional benefits to meet the diverse needs of our employees.