Senior GRC Analyst – Cybersecurity Compliance Expert

last updated September 10, 2025 0:27 UTC

Business Wire

HQ: Hybrid

  • OFF: United States
  • Full-Time
  • Management and Finance

Business Wire, a Berkshire Hathaway company, is the global leader in press release distribution and regulatory disclosure. Our mission is to transform how organizations engage with their audiences—and that’s just the start!

Organizations of all sizes rely on us to deliver impactful news and multimedia, driving social engagement and fostering meaningful connections with their target audiences.

About the Role

The Senior Governance, Risk, and Compliance (GRC) Analyst will be responsible for managing cybersecurity governance activities, including the development and upkeep of policies, standards, and procedures related to cybersecurity controls. This position will assess the effectiveness of security measures, ensure compliance with applicable frameworks, and enhance risk management strategies. The ideal candidate will have in-depth knowledge of cybersecurity risk and compliance, along with hands-on experience in integrated risk management, third-party risk, and policy/document management tools.

The analyst will work closely with business, IT, and security teams to create, review, and approve documentation, ensuring compliance with the organization’s policies, standards, and regulatory requirements.

Key Responsibilities

– Evaluate existing documentation to identify and prioritize updates.
– Develop new security policies, standards, and accountability models to define security roles and practices.
– Implement and manage a GRC tool to optimize governance processes.
– Lead the policy and standards attestation process with all stakeholders.
– Manage the process for handling exceptions to policies and standards.
– Design and manage a Cybersecurity Awareness Training program.
– Facilitate document creation and updates through collaboration with subject matter experts and leadership.
– Create questionnaires to assess compliance with cybersecurity policies and identify gaps in the Cybersecurity Risk Register.
– Oversee the implementation and ongoing management of cybersecurity controls and frameworks.
– Maintain an inventory of cybersecurity controls aligned with industry standards (e.g., NIST, SOC 2, ISO 27001, CIS) and regulations (e.g., GDPR, CCPA, SOX).

Qualifications

– Bachelor’s degree in a relevant field such as Information Security, IT, Computer Science, or Engineering.
– Over 5 years of experience in IT or cybersecurity, including at least 3 years focused on developing security policies and procedures.
– Strong understanding of cybersecurity controls and data protection compliance.
– Preferred certifications include CISSP, CISA, CISM, CGEIT, or CRISC.
– Experience leading the selection and management of a GRC tool is highly desirable.

Technical Expertise

– Solid knowledge of identity and access management tools (e.g., Microsoft Entra, Active Directory, PAM).
– Familiarity with vulnerability management platforms like Rapid7 and Wiz.
– Experience with IT asset management, CMDBs, and network discovery tools.
– Understanding of control frameworks (e.g., NIST CSF, PCI-DSS, SOX, SOC 2, GDPR, CCPA).
– Knowledge of operating systems, databases, and middleware.
– Experience conducting compliance and risk assessments.
– Project management experience in IT and security.
– Proficiency with Jira, Slack, and Microsoft Office 365 tools.

Work Environment

– Self-driven and goal-oriented, with strong prioritization skills.
– Excellent organizational and project leadership abilities.
– Strong written and verbal communication skills.
– Ability to collaborate and build relationships across departments and with external stakeholders.
– Adaptability to new technologies and evolving requirements.

Please note: Business Wire does not sponsor employment authorization for this role.

Compensation and Benefits

The base salary range for this position is $155,000 to $165,000 annually. Final compensation will depend on factors such as education, experience, skills, internal equity, and market data. Business Wire reserves the right to adjust this range as needed.

Our comprehensive benefits include:

– Remote work flexibility
– Health benefits starting on your first day
– $100 monthly fitness reimbursement, tuition assistance, and mental health support
– 401(k) with company match and annual profit-sharing (based on company performance)
– Paid time off, floating holidays, wellness days, and a birthday day off

A background check will be required after an offer is accepted.

Business Wire is proud to be an equal opportunity employer. We welcome applicants of all backgrounds and are committed to fair hiring practices, including consideration of qualified candidates with arrest or conviction records in accordance with applicable laws.

To apply for this job, please visit jobs.lever.co