GRC Security Analyst II
On-site · Bryn Mawr Allegheny County, Pennsylvania, United States
Job Summary
GRC Security Analyst II responsible for governance, risk, and vulnerability management across enterprise information systems; leads risk assessments, prioritizes remediation with IT/business stakeholders, and develops metrics to measure remediation success. Collaborates with security engineers and incident response teams; drives security awareness programs, third-party risk assessments, and alignment with frameworks such as ISO 27001/27002, NIST CSF, COBIT, CIS Benchmarks, and CIS Configuration Benchmarks. Supports SDLC integration, audit liaison, and ongoing improvement of security controls, policies, and practices; requires strong written and verbal communication and the ability to operate in both independent and team settings. Minimum 3-5 years in governance & risk with relevant certifications (e.g., CISSP, CISA, CISM, CCSP, GIAC) or equivalent experience. Equal Opportunity Employer statements included.
Required Qualifications
- Bachelor's degree in Information Technology, Computer Science, Cyber Security, Security and Risk Analysis, or Information Assurance