The IT Policy Analyst works to provide IT policies aligned with NIST security controls for the client. The IT Policy Analyst will work within the Enterprise Risk Management platform to manage policies, security control gaps, and dashboard/metric tracking. The GRC Policy Analyst will also work with client-specific IT policies outside the scope of NIST, such as mobile device management and data governance.
Responsibilities:
Oversee and manage NIST policy approvals and implementation at the client.
Manage NIST policies within the ERM platform.
Coordinate with key stakeholders for non-NIST policies.
Research and evaluate policies to ensure they are up to date with current NIST guidance.
Stay aware of policy trends and new laws/guidelines from the federal to the state and local level.
Identify and implement GRC security controls based on the NIST framework.
Manage and implement the cybersecurity awareness program, including annual training, AUP acknowledgement tracking, and phishing training.
Collaborate with the GRC IT Risk Analyst on various projects for the GRC Department.