
GRC Security engineer
3B Staffing LLC, Boston, MA, United States
This is an onsite position
Looking for someone out of pharma/life sciences companies
Title: IT Security Engineer
Location: Metrowest of Boston, MA
Onsite Requirements: Onsite
Start: ASAP
Duration: 6 Months + Extensions
Industry: Life Sciences
Key Responsibilities
1. Business Resilience
Conduct risk assessments and business impact analyses (BIA).
Develop and implement business continuity and disaster recovery (BC/DR) plans.
Design crisis management frameworks and incident response strategies.
Ensure compliance with regulatory and industry standards (e.g., ISO, NIST, HIPAA).
Facilitate resilience training, tabletop exercises, and testing programs.
Collaborate with cross-functional teams to enhance organizational resilience.
2. Third-Party Risk Management
Conduct security risk assessments of third-party vendors and service providers.
Develop and maintain third-party risk management (TPRM) frameworks.
Evaluate vendor security controls against industry benchmarks.
Partner with procurement, legal, and IT teams to embed risk assessments into onboarding and contract workflows.
Track and manage vendor risk findings, ensuring timely remediation.
Advise stakeholders on regulatory compliance requirements.
3. Continuous Improvement
Monitor and evaluate the effectiveness of GRC programs and initiatives.
Conduct performance assessments and identify areas for improvement.
Implement enhancements to governance practices and risk management capabilities.
Support the integration of IT security monitoring systems into GRC platforms for unified reporting.
4. Security Awareness & Training
Design and execute phishing simulation campaigns to assess user awareness and response.
Develop and manage cybersecurity training programs using platforms like KnowBe4.
Analyze training outcomes and adjust content to address gaps in security awareness.
Promote a culture of security through ongoing education and engagement.
Required Qualifications
Bachelor's degree in Information Security, Computer Science, or related field.
5+ years of experience in IT security, GRC, or risk management roles.
Strong understanding of regulatory frameworks (e.g., GDPR, SOX, HIPAA).
Experience with BC/DR planning and third-party risk assessments.
Excellent communication and stakeholder engagement skills.
Required Technical Skills
LogicGate
- GRC workflow automation and risk tracking.
SecurityScorecard
- Vendor cybersecurity ratings and external risk monitoring.
Microsoft Purview
- Data governance, compliance, and information protection.
KnowBe4/Mimecast
- Security awareness training and phishing simulation management.