Home » Jobs » Cyber Security Analyst II _ GRC Specialist

Cyber Security Analyst II _ GRC Specialist


The Cyber Security Analyst II – GRC (Governance, Risk and Compliance) Specialist is responsible for conducting risk assessments of enterprise-wide systems, applications, network and network connected devices to ensure compliance with the implementation and maintenance of controls mandated by Jefferson security policy and standards.  The role requires partnership with IT, business owners, and third parties towards implementing a safe and secure solution.  This position is intended to provide highly skilled compliance and information security expertise for assessing Jefferson’s compliance and risk posture related to its information assets.  It also requires the support of cyber security initiatives through predictive and reactive analysis, articulating emerging trends to leadership and staff. 


  • Performs risk assessments of Jefferson information computing assets and business processes to identify information security risks and regulatory non-compliance, and support remediation efforts  
  • Ensures that risk assessments are conducted promptly with required completeness and accuracy 
  • Provides strong customer service with third parties to cultivate relationship and ease of doing business  
  • Provides guidance and support to IT and business to ensure continued compliance 
  • Participates in projects to identify and validate critical controls to address IT and business risks and identified deficiencies 
  • Provides support with Issues, Exception, and Incident Management, as needed 
  • Participates in the creation and update of policies, procedures and standards to assure they are managed to support security, compliance and regulatory requirements 
  • Endorses and supports a compliance culture 
  • Promotes security awareness to the enterprise to reinforce workforce education on security standards, policies and best practices 
  • Maintains familiarity with HIPAA and other Information Security regulations 


  • Active team player in cyber security projects at Jefferson  
  • Effective interaction skills in both oral and written communication 
  • General concept and knowledge of Issue, Exception and Incident Management 
  • Supports other information security operations as required _________________________________________________________________________ 


Bachelor’s degree in an information technology field preferred 



At least one information security certification, such as a SSCP, CISA, CISM, CISSP, CRISC, or professional certificate is a plus.  ISACA certification is preferred. 



At least five years’ experience in an information security function, ability to multi-task, a keen eye for detail, excellent follow-through, strong organizational skills, the ability to thrive in fast-paced, high-stress situations, ability to communicate cyber security issues to peers and management via oral and written format.  5+ years’ solid understanding of Cyber Security & IT controls, network / systems / application penetration testing and vulnerability assessments. Experience with NIST and ISO frameworks. Solid knowledge of HIPAA, HITECH, FERPA, and other IT security governing bodies.  Experience working with a Governance Risk and Compliance tool is a plus.