Description
The Data Security Analyst is responsible for supporting the organization's Governance, Risk, and Compliance (GRC) program through the review of ServiceNow GRC tickets, assessment of associated risks, and preparation of clear, well-documented analyses. This role facilitates security exception reviews, maintains policy governance processes, and ensures organizational alignment to regulatory frameworks such as NIST and HIPAA. The Data Security Analyst collaborates with leaders, business owners, and technical teams to drive effective risk management and maintain audit-ready documentation.
Think you've got what it takes?
Key Responsibilities
GRC Ticket Review & Risk Analysis
Review, triage, and analyze GRC-related ServiceNow tickets.
Identify and document risks, impacts, and business justifications.
Draft clear and complete responses for requestors and stakeholders.
Communicate updates, escalations, and decisions to leaders and service owners.
Security Exception Management
Review and evaluate security exception requests to policies and standards.
Determine impact and likelihood using approved methodologies.
Document risk statements, compensating controls, and accountability expectations.
Prepare and communicate risk acceptance recommendations to leadership.
Analyze threats, vulnerabilities, likelihood, and impact to determine overall exposure.
Draft risk assessment summaries, recommendations, and mitigation strategies.
Maintain supporting documentation for audit and compliance review.
Policy & Procedure Governance
Facilitate drafting, review, approval, and annual refresh of policies and procedures.
Maintain version control, ensure revisions are documented, and produce finalized clean versions.
Coordinate with policy owners to ensure alignment with internal standards and regulatory requirements.
Regulatory & Framework Alignment
Interpret and apply NIST, HIPAA, and organizational control requirements.
Ensure assessments and documentation reflect regulatory and framework expectations.
Provide guidance on compliance requirements to stakeholders across the organization.
Knowledge Management
Update and maintain Security Knowledge Articles within ServiceNow.
Ensure articles are accurate, current, and accessible to users.
Collaborate with subject matter experts to identify and close knowledge gaps.
Operational Support & Ad-Hoc Assignments
Assist in audit preparation, compliance reporting, and evidence collection.
Support continuous improvement initiatives within the GRC program.
Respond to daily and ad-hoc requests from leadership and internal partners.
Participate in team meetings, special projects, and GRC initiatives.
Performance Expectations
Quality & Accuracy
Produces high-quality, complete, and well-organized risk analyses, assessments, and documentation.
Ensures all work aligns with NIST, HIPAA, and internal policy requirements.
Timeliness
Responds to ServiceNow tickets within defined SLAs.
Delivers assessments and documentation by established deadlines.
Communicates proactively regarding delays or issues.
Risk Judgment & Critical Thinking
Applies consistent, well-justified risk ratings and identifies mitigation opportunities.
Escalates high-risk items appropriately and collaborates effectively on resolutions.
Communication & Collaboration
Drafts clear, professional communications for leaders, technical teams, and business owners.
Works collaboratively across departments to resolve issues and drive outcomes.
Process Ownership
Maintains updated knowledge articles, accurate documentation, and organized tracking.
Demonstrates strong ownership of assigned GRC processes and tasks.
Professionalism & Reliability
Maintains confidentiality and handles sensitive information responsibly.
Consistently meets expectations with minimal rework and limited supervision.
Adaptability & Initiative
Responds effectively to shifting priorities and ad-hoc needs.
Demonstrates initiative by identifying risks early and suggesting process improvements.
Skills & Requirements
Bachelor's degree in computer science required (good to have: Information Security, IT Compliance, or related field).
1 year in the computer management or networking field, including some in information security, required.
25 years of experience in GRC, compliance, or security roles is preferred.
Familiarity with NIST frameworks, HIPAA Security Rule requirements, and risk methodologies is preferred.
Experience with ServiceNow GRC or similar platforms is a plus.
Strong analytical, communication, and documentation skills are preferred.
Required Experience :
IC
Key Skills
Data Analytics, Microsoft Access, SQL, Power BI, R, Data Visualization, Tableau, Data Management, Data Mining, SAS, Data Analysis Skills, Analytics
Employment Type : Full-Time
Experience : years
Vacancy : 1
Security Analyst • Houston, Mississippi, USA