Overview

Position Summary:
The Security Program Governance Analyst is responsible for supporting the development, implementation, and ongoing maintenance and governance of the cybersecurity program. The Analyst will monitor the activities of the core services, make updates to the security program, and manage key security initiatives. The successful analyst will be involved in the design and integration of cybersecurity controls and processes into the organization, working closely with technology risk management cyber security leaders, technology process owners, and business process owners.

Principal Responsibilities:
• Research key inputs for the security strategy, program assessments and control lifecycle processes
• Track the status of lifecycle and quality assurance of audit actions and documented core processes and activities
• Develop workflows and end-to-end solutions
• Consult with customers to gather and define requirements
• Create reports that provide visibility into the adherence to policy and procedures
• Align cybersecurity program assessment reporting with stakeholders in support of managing risk and identifying opportunities to enhance the security profile
• Coordinate and manage findings from the key cyber security program initiatives and their alignment with NIST CSF and the FSSCC Cybersecurity Profile including rationale(s) for risk reduction or avoidance
• End-to-end process analysis and risk reduction initiatives
• Research best practices and industry trends for the information security program with external organizations, third parties, industry specialists, symposiums, and industry organizations and assess suitability for implementation
• Develop, communicate and ensure adherence to department risk policies, procedures and best practices

Qualifications:
• Bachelor’s degree (Cybersecurity, Information Sciences, Management Information Systems)
• Previous job experience for this position can and should vary greatly to have a team with diverse perspectives and work experiences
• Database Administration and development experience required
• Knowledge of Agile methodology and philosophy required
• Experience with a GRC Platform required
• Entry level C# programming experience required
• Power BI experience required
• Business analyst experience
• General knowledge of Information Security framework and how to integrate control requirements
• Knowledge of APIs & database concepts
• Well-versed in secure software development lifecycle procedures & concepts.

Knowledge and Skills Required:
• Agile experience with Kanban and Scrum within a JIRA environment
• Excellent verbal and written communication skills
• Knowledge of technical infrastructure, networks, databases and systems and how they affect an organization’s cybersecurity risk
• Experience in Process Improvement
• Knowledge of Database Reporting
• Knowledge of technology industry best practices and standards (National Institute of Standards and Technology, International Organization for Standardization)
• Ability to explain and articulate technical concepts using both technical and non-technical language
• Excellent presentation skills (MS PowerPoint); ability to manipulate data in a spreadsheet, pivot tables, etc. (MS Excel)