Senior GRC Analyst

Business Summary:

Deltek's Global Information Security team has a passion for simplifying the delivery of information security in a complex industry. As part of our dynamic team, you will help deliver creative security services to continuously improve the first-rate protection of Deltek’s Information Assets. Join us as we create innovative solutions to further security as a differentiator for Deltek.

About the role:

• Provide subject matter expertise related to NIST 800-53, FedRAMP, CMMC, ISO27001, PCI DSS, SOC 1, SOC 2, and other information security regulations.
• Maintain, and mature GRC services as a primary or backup service owner (e.g., Policy Management, Risk Management, Customer Security Due Diligence, Business Continuity Planning, etc.)
• Track assigned information security risks through the Risk Management process.
• Perform data quality reviews for GRC process measurement.
• Prepare risk management metrics and reporting.
• Work with Deltek technical and business professionals to determine appropriate risk treatment decisions and plans.
• Utilize governance, risk, and compliance (GRC) tools to manage the list of external authoritative sources, information technology controls, corporate policies and procedures, vendor management systems, and risk management workflows.
• Facilitate gathering, reviewing, and assembling internal and external audit evidence.
• Support projects as assigned to enhance Deltek compliance capabilities.
• Maintain proficiency with applicable laws, regulations, and standards.
• Support internal risk and compliance meetings as a subject matter expert.
• Draft and maintain compliance documents (e.g., policies, standards, procedures, etc.).
• Coordinate the adoption of information security best practices throughout the enterprise.

Requirements:

• B.S. degree (Information Security, Computer Science, MIS, or equivalent program preferred)
• Minimum 3 years of combined experience in Information security, compliance, technology audit, or a related field.
• Experience with NIST SP 800-53, ISO 27001, PCI DSS, or SOC ½.
• Strong written and verbal communication skills.
• Experience working in a collaborative team environment.

Preferences:

• CISSP, CISA, or other related information security certification desired.
• FedRAMP, NIST 800-171, CSA CCM, CIS Security Framework experience desired.
• Experience with software development in a cloud environment is desired.