Governance, Risk Management, and Compliance (GRC) Analyst

Website ProCircular, Inc.

Cybersecurity Company that's all about people!

Company Overview

ProCircular is about relationships and trust. We provide organizations with practical expertise and guidance to manage risk, improve security readiness, meet regulatory commitments, and continually address the latest cyber threats.

 

People are at the center of our philosophy, and quality is the cornerstone. We build trust by being approachable, realistic, and unbiased. Each client’s unique goals guide our work and every project produces a tangible result and a clear roadmap. We’re passionate about cybersecurity, serious about quality, built around people.

 

Position Summary

Provide cybersecurity support services to assist our clients with their cybersecurity activities. Provide research and analysis on a broad range of cybersecurity topics and prepare technical documentation to support team assessment of risk and prepare recommendations to our client on risk to their organizations.

 

To perform this job successfully, an individual must be able to perform each essential job function satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability.

 

Essential Job Functions (include but are not limited to the following)

Participate in a team helping to document processes, procedures, and controls.
Research and analyze the specific requirements associated with standards to assist the team with plans to satisfy each requirement.
Attend strategy meetings and capture key notes, action items, and next steps.
Support compliance by creating or updating documentation related to relevant controls, policies, and procedures.
Assist with the development of policy documents using online research methods and an understanding of basic cybersecurity concepts.
Assist with the generation of metrics to depict compliance data in charts and graphs using MS Excel.
Perform as part of a larger team in the documentation of organizational risk assessments through review of system architecture diagrams, vulnerability reports, and a basic understanding of common threat vectors (e.g., phishing, zero-day vulnerabilities).
Assist the team in the development of executive briefings and project milestone reports.
Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement.
Execute process mapping to identify significant operational risks and controls
Create and monitor standardized internal processes.
Uphold the values of ProCircular and abide by the Company handbook.
Position Requirements

The requirements listed below are representative of the knowledge skills and abilities required. Employees who do not possess the requirements for a job at the time of hire will not be considered for the position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

 

Required Skills and Experience:

Technical minded and driven
Thorough understanding of the latest security principles, techniques, and protocols
Supports continuous improvements to enhance and streamline processes, and supports efficiencies and automation activities
Capable of working effectively independently and in a team environment
Must be self-motivated, goal and detail oriented
Flexible and adaptable to changing work environment
Ability to prioritize multiple tasks and manage time efficiently
Communicate in a positive manner with clients and escalate any issues and/or messages accordingly
A professional security certification such as Security+
Must be able to efficiently use Microsoft Word and Excel
Desired Skills and Experience:

Awareness of controls and existing/proposed security standards and how they affect our customers’ environments
Understand cyber-attack methods such as malware, phishing, XSS, DDoS, etc.
Experience in scripting languages e.g., Python, PowerShell, PHP
Education and Experience Requirements:

A. or B.S. degree in Computer Science or an Information Technology (IT) related field
At least 2 years’ experience in cybersecurity, IT audit, or cyber risk
Language Requirements:

The primary language of ProCircular is English. Excellent communication skills are required, defined as the ability to:

Actively listen for total comprehension
Ask questions that enhance the understanding of a certain topic
Relay information and/or instruction in a descriptive and understandable fashion in both written and verbal format
Reasoning Ability Requirements:

High-functioning, reasoning abilities are necessary to meet deadlines, prioritize company and customer needs, and work in a high functioning collaborative team environment.

 

Physical Requirements:

Occasional lifting up to 20 lbs. may be necessary from time to time. Must be able to sit for long periods of time, view a computer monitor, and type frequently/constantly (up to 8 hours a day).

 

Travel Requirements:

Travel is not required for this role.

 

Employment Status

Non-Exempt: This role is non-exempt which entitles the employee to overtime pay. Non-exempt employees must be paid for each hour worked and are paid 1.5 times their hourly wage for any hours worked over 40 in the week.

 

Schedule Expectations

Our normal hours of operation are from Monday through Friday, from 8:00 am to 5:00 pm.

 

Part-Time: Part-Time employees are defined legally as working on average less than 30 hours per week. Occasionally, time over 40 hours may be necessary in order to meet the business needs. If performance expectations are met, employees may flex his or her schedule, subject to preapproval of one’s direct supervisor.

 

Supervision Requirements

This position does not have supervisory responsibilities.

Performance Expectations

All teammates are evaluated at least annually on their performance based on the essential job functions in this job description, along with ProCircular’s Core Values:

 

It’s about people

People define every part of our business. Growth potential is based on the abilities and personalities of the people involved. Technology solutions are a part of the equation, but it’s the people in an organization that define its true security. We work hardest when we’re supporting one another. We take care of each other; we take care of our families, and in doing so we take better care of our customers.
Fear is the mind killer

We don’t let fear define the need for our services and we don’t present a problem without discussing realistic response or mitigation options. There’s more than enough to worry about in life and plenty of people telling us to be afraid. We’re solutions people, not fear mongers.
Strong opinions lightly held

Opinions are important—they coalesce facts, reason, experience, and judgment into actionable points of view. We present our opinions with logic and reason rather than emotions, offering several alternatives to each challenge and the supporting data. The rejection of an idea is not a rejection of the individual or their merit. Everyone has a voice and a chance to speak, regardless of title, station or seniority.
Quality over speed, speed over cost

Every organization must consciously balance quality, speed, and cost. We will always put the quality of our work first. We make great efforts to move quickly, but never at the expense of quality. While we strive to keep our services affordable, we never choose an inexpensive alternative that will adversely impact quality or speed.
Cool heads, warm hearts

We keep a cool head and help others do the same, especially in a crisis. We approach adversity with patience, logic, and understanding. Mistakes happen; we don’t hide, ignore, condemn, or fear them. Mistakes are opportunities to exemplify honesty, accountability, professionalism, tolerance, and grace. Instead of pointing a finger, we use humor, empathy, and fun when it matters most.
R-E-S-P-E-C-T

We treat each other how we hope to be treated. We don’t yell; we aren’t condescending, and we always try to understand the other person’s perspective, before reacting to it. We keep it light and we listen. We extend this principle to our customers, and we understand that talking down to them is the easiest way to send them to a competitor.
Tomorrow just happened

Life is what happens when we’re busy making other plans. We work hard on today but we’re always thinking about the future. We take extra time to make sure we’re learning and looking ahead. No matter what your discipline or area of expertise, you’re adding your capabilities to the long-term plan for the organization and its clients.
As an equal opportunity employer, ProCircular encourages an inclusive workplace where we learn from each other, live out the Company’s core values, and appreciate each team member. We welcome people of different backgrounds, experiences, abilities, and perspectives. We have a responsibility to help shape a world equal for all people, and ProCircular is committed to unconditional inclusion and the celebration of diversity.

To apply for this job please visit procircular.bamboohr.com.

Interest Form

Join A TAI Roundtable

Please fill out this form to indicate your interest in joining one of Technology Association of Iowa’s Roundtables.

Participation in the CIO, CISO or CEO Roundtables is exclusively reserved for technology executives of TAI member organizations with these (or comparable) job titles. All other TAI Roundtables is exclusively reserved for individuals employed by TAI member organizations. Not a member? Join now.

  • This field is for validation purposes and should be left unchanged.