
Cybersecurity Analyst

BuzzClan, Houston, TX, United States


Company Description

Job Description

Title: Infosec Analyst

Start: ASAP

CJIS required: YES


Client is seeking a Cybersecurity Analyst - Governance, Risk, & Compliance (GRC) to join our team. Now is a great time to join Universal Services as we enhance critical services to County residents and internal customers!

Key Responsibilities:

Governance

• Assist in the development, maintenance, and enforcement of security policies, standards, and procedures.

• Participate in the creation and management of the organization's information security governance framework.

• Monitor the effectiveness of cybersecurity controls and propose improvements.

Risk Management

• Conduct risk assessments for systems, vendors, and processes to identify vulnerabilities and areas of non-compliance.

• Maintain a risk register and track remediation efforts for identified risks.

• Support business units in developing risk mitigation strategies and action plans.

Compliance

• Ensure compliance with industry standards, regulatory requirements, and frameworks (e.g., NIST CSF, ISO 27001, HIPAA, PCI-DSS, CJIS, GDPR).

• Assist with internal and external audits, including evidence collection and audit readiness.

• Develop and maintain metrics and dashboards to report on compliance status and risk posture to stakeholders.

Third-Party Risk

• Conduct due diligence and security assessments for third-party vendors and service providers.

• Maintain documentation and track remediation efforts related to vendor risk management.

Training & Awareness

• Contribute to the development of security awareness training materials.

• Promote cybersecurity awareness across the organization to foster a culture of security.

Continuous Improvement

• Monitor emerging cybersecurity threats, trends, and regulatory changes.

• Recommend and implement improvements to the GRC program in alignment with industry best practices.

Qualifications

Requirements

Education:

A High School Diploma or GED accompanied by a recognized cybersecurity certification (e.g., Security+, SSCP, or equivalent), or a Bachelor's degree in a related field such as Cybersecurity, Information Technology, or Information Systems.

Experience:

• 2-5 years of experience in Governance, Risk, and Compliance (GRC), cybersecurity, IT audit, or risk management.

• Hands-on experience with GRC tools (e.g., Archer, ServiceNow GRC, MetricStream).

• Familiarity with security and privacy regulations and frameworks (e.g., NIST, ISO, GDPR, HIPAA, SOC 2).

Skills and Competencies

• Strong analytical, organizational, and problem-solving skills.

• Ability to communicate effectively with technical and non-technical audiences.

• Knowledge of cybersecurity principles, risk management practices, and regulatory environments.

• Proficient in Microsoft Office 365, including Excel, PowerPoint, and SharePoint.

• Ability to work independently and collaboratively in a fast-paced environment.

Preferences

• Industry certifications such as CISSP, CISA, CRISC, Security+, or ISO 27001 Lead Implementer/Auditor are highly desirable.

• Demonstrated passion for cybersecurity, risk reduction, and continuous professional development.

• Strong attention to detail with an emphasis on accuracy and quality.

• Excellent communication and interpersonal skills with a collaborative, team-oriented approach.

Additional Information

All your information will be kept confidential according to EEO guidelines.