Cybersecurity Analyst (GRC)

Sunrise System Inc. is currently looking for

• Company policy requires newly hired employees to be fully vaccinated for COVID-19 as of their start date. Company is an equal opportunity employer and will provide reasonable accommodation to the unvaccinated in accordance with federal, state, and local law.
• Remote- but strongly prefers home base in Chicago, IL and area.
• Position is remote, but there may be travel throughout the year to business sites/HQ

• Operating within the Cybersecurity Governance team, support the cybersecurity compliance management strategy. This role will support development, assessment, and maintenance of policies, standards, processes and procedures, to a level compliant with ISO27001/2, PCI DSS, JSOX, GDPR, CMMC and other relevant standards.
• The role will work collaboratively with various business and IT teams in the design and implementation of cybersecurity assessment and compliance programs; support the Information Security Management (ISM) program, support/facilitate audit requests, conducts assessments, identify risk themes, maintain cybersecurity risk register, and promote cybersecurity awareness and training across the appropriate teams.

• BS in Information Systems or Information Security
• 3+ years in IT/Information security risk assessment, SETA, and governance and compliance roles
• Familiarity with NIST security family, ISO 27001/2, and other relevant security standards Preferred (all of the above, plus)
• Demonstrated experience with industry standard frameworks mentioned above CRISC or other related certification
• Experience with Navex IRM/Lockpath or other GRC tools, Experience with KnowBe4 or other

• Analytical skills and ability to formulate and articulate roadmaps and recommendations.
• Ability to multi-task and prioritize individual and teamwork in fast changing environment.
• Ability to interact with personnel at all levels of an organization to resolve issues and provide solutions in a timely manner.
• Ability to maintain a detail-oriented approach while multitasking in a fast-paced environment.
• Strong technical, analytical, and problem-solving skills.

• Experience in successfully working remotely
• Excellent written and oral communication skills.
• Experience working with customers in sensitive environments
• Ability to interface with all levels within an organization and provide input to facilitate cybersecurity compliance decisions.

• Highly organized, self-motivated and accountable

• Support tactical execution of assigned cybersecurity compliance activities. This can include execution, support, follow up, monitoring and reporting for areas including:
• ISM reports, Privacy Impact Assessment, Personal Information Registration, ISM Audit
• Security Education Training and Awareness (SETA) promotion, delivery and reporting
• Policy Exception Intake, review, monitoring and reporting
• Security Conformity activities
• Able to scope out projects and manage day to day processes of a program.
• Support tactical execution of cloud risk, third party risk, cybersecurity, and other risk assessment and questionnaires as directed.
• Support risk register maintenance. Follow up on outstanding remediation with related stakeholders.
• Support and manage cybersecurity compliance demands and engagements; support team prioritization.
• Keep informed regarding pending industry changes, trends, and best practices and assess the potential impact of these changes on organizational processes. Raise concerns to Cybersecurity Governance manager
• Assist internal audit requirements with preparing and presenting written and oral reports and other technical or process related information in a pertinent, concise, and accurate manner for distribution to management.

• Support the departmental management activities for cybersecurity compliance.
• Develops schedules to ensure timely completion of tactical activities for cybersecurity compliance.
• Interfaces with task leaders, subcontractors and support personnel, customer and Panasonic management to drive action and ensure transparency and visibility for cybersecurity compliance management initiatives.
• Summarizes and reports cybersecurity compliance risks to the Cybersecurity Governance manager and/or its working group overseeing compliance initiatives.
• Collaborate with other North America regional cybersecurity teams.
• Support response to internal and external consumers, regulatory bodies, and auditors about cybersecurity governance, risk, and compliance affairs and inquiries.