Contour Software is seeking a skilled GRC Security Analyst to join our dedicated team. In this role, you will assess, manage, and mitigate risks while ensuring compliance with industry regulations. Your focus will be on developing and implementing security policies, conducting audits, and leveraging frameworks such as NIST and ISO 27001. As a critical part of our team, you will engage with cross-functional teams to translate business requirements into actionable control objectives, effectively facilitating discussions and presentations. While this role does not involve managing a team, strong collaboration skills are essential for fostering relationships across the organization. The ideal candidate will have a solid foundation in Information Technology and a minimum of three years of experience in Information Security Risk or Cyber Security Risk, including knowledge of cloud governance and industry regulations. Your commitment to excellence will ensure that our organization maintains a strong security posture and complies with all applicable laws and frameworks. The position requires working night shifts from 6:00 pm to 3:00 am (Pakistan Standard Time) or 7:00 am to 4:00 pm (Central Time Zone).

Responsibilities

• Conduct comprehensive risk assessments to identify potential security vulnerabilities across various platforms and systems.
• Develop, implement, and maintain security policies and procedures in alignment with regulatory compliance and organizational goals.
• Perform security audits to evaluate the effectiveness of existing security controls and recommend improvements as needed.
• Facilitate the integration of security measures into the Software Development Lifecycle (SDLC) to ensure that all applications and systems meet security standards.
• Collaborate with cross-functional teams to translate business requirements into effective security controls and objectives.
• Stay current on industry best practices, regulatory changes, and emerging threats to inform risk management strategies.
• Utilize risk assessment tools such as @Risk and RiskWatch to quantify and prioritize risks.
• Engage with stakeholders to communicate risk assessments, findings, and recommendations effectively through reports and presentations.
• Utilize governance, risk, and compliance (GRC) tools (e.g., Service Now, RSA Archer) to streamline risk management processes and ensure visibility.
• Assist in the management of compliance initiatives related to standards such as GDPR, PCI-DSS, and ISO 31000.
• Provide training and support to employees on security policies and best practices to foster a culture of security awareness across the organization.
• Monitor and report on the organization's compliance with established security policies and regulatory requirements.