Job Description

job summary:
Senior IT GRC Policy Analyst - Fall 2024

The Senior IT Policy Analyst works to provide IT policies aligned with NIST security controls for the MBTA. This position will helm all policy work including tracking and updating current policies, managing policy exceptions, and providing metrics and reporting on policy work. This position will also manage the cybersecurity awareness training program which includes annual training, phishing training, and specialty training for specific groups within the MBTA.

• Oversee and manage all policies including revisions

• Develop and manage the policy exception process including metrics and reporting

• Coordinate with key stakeholders on policies and standards across the MBTa

• Research and evaluate policies to ensure they are current and follow all applicable laws, regulations, and guidelines

• Identify and implement GRC security controls based on the NIST framework

• Manage the cybersecurity awareness program including annual training, phishing training, and special group training

• Collaborate within the GRC team on larger GRC projects around risk analysis and compliance requirements

Preferred Skills:

3-to-5 years experience working with NIST Cybersecurity Framework, and familiarity with NIST 800-53 Rev. 5 3-to-5 years experience managing a policy program including updating current policies, tracking exceptions, and developing and reporting out metrics 3 -to-5 years experience working with security content platforms and developing curricula for cybersecurity training
location: Boston, Massachusetts
job type: Contract
salary: $60 - 100 per hour
work hours: 8am to 4pm
education: Bachelors


responsibilities:
Senior IT GRC Policy Analyst - Fall 2024

The Senior IT Policy Analyst works to provide IT policies aligned with NIST security controls for the MBTA. This position will helm all policy work including tracking and updating current policies, managing policy exceptions, and providing metrics and reporting on policy work. This position will also manage the cybersecurity awareness training program which includes annual training, phishing training, and specialty training for specific groups within the MBTA.

• Oversee and manage all policies including revisions

• Develop and manage the policy exception process including metrics and reporting

• Coordinate with key stakeholders on policies and standards across the MBTa

• Research and evaluate policies to ensure they are current and follow all applicable laws, regulations, and guidelines

• Identify and implement GRC security controls based on the NIST framework

• Manage the cybersecurity awareness program including annual training, phishing training, and special group training

• Collaborate within the GRC team on larger GRC projects around risk analysis and compliance requirements

Preferred Skills:

3-to-5 years experience working with NIST Cybersecurity Framework, and familiarity with NIST 800-53 Rev. 5 3-to-5 years experience managing a policy program including updating current policies, tracking exceptions, and developing and reporting out metrics 3 -to-5 years experience working with security content platforms and developing curricula for cybersecurity training

qualifications:

• Experience level:
• Education: Bachelors

skills:

• Vendor Risk Auditing
• Senior IT Policy Analyst (3 years of experience is preferred)
  
  
  Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
  At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact [email protected].
  
  
  Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including health, an incentive and recognition program, and 401K contribution (all benefits are based on eligibility).
  This posting is open for thirty (30) days.
  It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Randstad

Job Tags

Hourly pay, Contract work, Work experience placement,

Similar Jobs