
Senior GRC Analyst

extra holidays - extra parental leave
Remote: 
Full Remote
Salary: 
6 - 6K yearly
Experience: 
Mid-level (2-5 years)

Offer summary

Qualifications:

B.S. in Information Security or related field preferred, Minimum 3 years experience in information security, Experience with NIST, ISO, PCI DSS, Strong written and verbal communication skills.

Key responsibilities:

  • Provide expertise on information security regulations
  • Maintain and mature GRC services

Deltek Computer Software / SaaS Large https://www.deltek.com/
1001 - 5000 Employees

Job description

Business Summary:

Deltek's Global Information Security team has a passion for simplifying the delivery of information security in a complex industry. As part of our dynamic team, you will help deliver creative security services to continuously improve the first-rate protection of Deltek’s Information Assets. Join us as we create innovative solutions to further security as a differentiator for Deltek.


Summary:

This role is responsible for providing information security risk management and compliance subject matter expertise for the entire enterprise and portfolio of products. Information security risk management and compliance are critical parts of Deltek’s business and product strategy. In this role, you would be working with a team of information security, risk management, and compliance professionals to protect the company brand, corporate reputation, and information assets. The Senior Governance, Risk, & Compliance (GRC) Analyst reports directly to the Director of GRC and is responsible for fulfilling and maturing services provided by the GRC team.


Responsibilities:

  • Provide subject matter expertise related to NIST 800-53, FedRAMP, CMMC, ISO 27001, PCI DSS, SOC 1, SOC 2, and other information security regulations.
  • Maintain and mature GRC services as a primary or backup service owner (e.g., Policy Management, Risk Management, Customer Security Due Diligence, Business Continuity Planning, etc.).
  • Track assigned information security risks through the Risk Management process.
  • Perform data quality reviews for GRC process measurement.
  • Prepare risk management metrics and reporting.
  • Work with Deltek technical and business professionals to determine appropriate risk treatment decisions and plans.
  • Utilize governance, risk, and compliance (GRC) tools to manage a list of external authoritative sources, information technology controls, corporate policies and procedures, vendor management systems, and risk management workflows.
  • Facilitate gathering, reviewing, and assembling internal and external audit evidence.
  • Support projects as assigned to enhance Deltek compliance capabilities.
  • Maintain proficiency with applicable laws, regulations, and standards.
  • Support internal risk and compliance meetings as a subject matter expert.
  • Draft and maintain compliance documents (e.g., policies, standards, procedures, etc.).
  • Coordinate the adoption of information security best practices throughout the enterprise.


Requirements:

  • B.S. degree (Information Security, Computer Science, MIS, or equivalent program preferred)
  • Minimum 3 years of combined experience in information security, compliance, technology audit, or a related field.
  • Experience with NIST SP 800-53, ISO 27001, PCI DSS, or SOC 1/2.
  • Strong written and verbal communication skills.
  • Experience working in a collaborative team environment.


Preferences:

  • CISSP, CISA, or other related information security certification desired.
  • FedRAMP, NIST 800-171, CSA CCM, CIS Security Framework experience desired.
  • Experience with software development in a cloud environment is desired.

Required profile

Experience

Level of experience: Mid-level (2-5 years)
Industry:
Computer Software / SaaS
Spoken language(s):
English

Other Skills

  • Teamwork
  • Communication
