POSTED Apr 03

GRC Analyst w/PCI

Job Description:

We are looking for a GRC (Governance, Risk, and Compliance) Analyst with experience in PCI DSS and SOC 2 audits to join our team. The ideal candidate will have 2-3 years of experience in the field, with a strong understanding of regulatory requirements and best practices in information security.

Responsibilities:

Conduct assessments and audits to evaluate compliance with PCI DSS and SOC 2 standards.
Develop and maintain policies, procedures, and controls to ensure adherence to regulatory requirements and industry best practices.
Collaborate with internal teams to identify and mitigate risks related to information security and data privacy.
Provide guidance and support to business units on security-related matters, including risk assessments, control implementation, and remediation activities.
Participate in the development and implementation of security awareness training programs for employees.
Stay abreast of emerging threats, vulnerabilities, and regulatory changes affecting the organization’s security posture.

Requirements:

Bachelor’s degree in computer science, Information Security, or related field.

2-3 years of experience in governance, risk management, and compliance, with a focus on PCI DSS and SOC 2.
Familiarity with regulatory frameworks such as HIPAA, GDPR, and NIST Cybersecurity Framework.
Professional certifications such as CISSP, CISA, or CISM are highly desirable.
Experience working with Qualified Security Assessors (QSAs) is a plus.
Strong analytical and problem-solving skills, with the ability to assess complex security issues and recommend effective solutions.
Excellent communication skills, with the ability to effectively communicate technical concepts to non-technical stakeholders.
Ability to work independently and collaboratively in a fast-paced, dynamic environment.

View all jobs posted by this company

Apply Now!

Resume

You don't have a resume loaded to the system, so this application won't include any resume attachment. If you don't have a resume to upload, you can use the cover letter area below and include a link to your resume if you prefer.

Resume

Cover letter

My passion for cybersecurity stems from a lifelong fascination with technology and problem-solving. In my early education I was interested in attending conferences and seminars of Information Technology, I was always drawn to understanding how things worked and how to build them. This natural curiosity naturally gravitated towards the ever-evolving world of cybersecurity.
My experience as a Cybersecurity Engineer in the past of 2 years with various certifications, by attending workshops and current at Secure Point 360, LLC further solidified my desire for a STEM career. Here, I thrived in the fast-paced environment, identifying and mitigating security risks for clients. Managing and monitoring SP360 as the unified endpoint management and admin instilled the importance of continuous vigilance in safeguarding data across various platforms (cloud, endpoints, servers, SAST). These experiences not only honed my technical skills but also showcased the critical role cybersecurity plays in protecting our digital world.
I am confident that I can make a significant contribution to your team. I have attached my resume for your review and would be grateful for the opportunity to discuss my qualifications further. Thank you for your time and consideration.
URL: https://www.linkedin.com/in/kenvishah/

Cover letter

MANON GUEGUEN
Paris, France – +33627310646 – manongueguen@protonmail.com
I am an accomplished analyst combining an expertise in geopolitics and cybersecurity. This background gives me a unique perspective on the current threat landscape. When it comes to my career, I am willing to relocate as my first wish is to evolve in an international environment. Personality-wise, I am a very active person, stimulated by ever-changing situations and new encounters.
EXPERIENCE
ALMOND Sèvres, France
Cybersecurity consulting
Cyber Threat Intelligence Analyst
JANUARY 2023 – TODAY
● Develop a new CTI service from scratch (decision making regarding the roadmap, initiate new projects, design
technical, tactical, and strategic intelligence reports, developing working methodologies, leading meetings, create
synergies with the SOC/CERT team and other business units, participate in the commercial strategy)
● Writing of intelligence reports: retail and financial sectors, data breach, threat landscape analysis, APT, ransomware etc
(strong understanding of the evolution of techniques, tactics and procedures (TTPs), cyber kill chain reconstruction,
edit and review content to match high quality standards)
● Writing of briefings on cyber events to different types of publics: technical, non-technical, journalists, senior
executives and CEOs (be quick to verify real-time news, articulate complex information with clarity and brevity)
● Writing of analysis on complex geopolitical issues (critical thinking, elaborate visuals and infographics)
● Writing of a study on the insider threat (critical thinking, collect and analyze data)
● Technology policy (AI, cyber laws) and threat actors’ monitoring (curiosity, strong organizational skills)
● Training on the basics of cybersecurity: key concepts, cryptography, OWASP, OSI, TCP/IP, network layers… (high
learning ability)
● Investigating SIEM alerts (OSINT, process the alerts raised in the SOAR, qualify incidents, ensure the follow-up)
● Give presentations to clients and collaborators (strong interpersonal and networking skills, e.g. highlighting key
conferences from Botconf 2023)
INSEAD Fontainebleau, France
Education
Exam invigilator NOVEMBER 2022 – DECEMBER 2022
XMCO Paris, France
Cybersecurity consulting
Threat Intelligence Analyst JUNE 2022 – OCTOBER 2022
● Daily writing of cybersecurity newsletters and alerts (threat criticality assessment, cyber kill chain reconstruction,
monitoring open and closed intelligence sources, good contextual analysis skills)
● Follow-up with clients (ability to popularize complex ideas and concepts)
● Research, identification and qualification of fraud schemes (good investigative skills)
● Elaboration of an economic intelligence service
● Technology development and threat actors’ monitoring (identify relevant content and conferences)
● Acquisition of technical skills (bash, network architecture…)
BOULANGERIE BLOT Melun, France
Bakery shop
Saleswoman SEPTEMBER 2021 – MAY 2022
ADVINTEL New York City, United-States (Remote)
Cybersecurity consulting
Threat Intelligence Analyst Intern APRIL 2021 – AUGUST 2021
● Mastery of the intelligence lifecycle (OSINT, HUMINT, SIGINT) and threat prevention through investigations (strong
research capabilities to gather information from various sources)
● Intelligence research and analysis, cybercrime research and investigation, finished intelligence products for 450+
customers, data analysis (knowledge of different types of malware, botnet groups, ransomware syndicates, TTPs, cyber
fraud and loss prevention, well-developed investigative mindset, good understanding of underground forums)
EDUCATION
GRENOBLE-ALPES UNIVERSITY Grenoble, France
MASTER’S DEGREE IN INTERNATIONAL SECURITY AND DEFENSE 2020 – 2021
● Cybersecurity: application of international law to cyberspace, states’ cyber capabilities, analysis of the notion of
cyberwar, global growth of the cybersecurity market
● Geopolitics: thesis on the diplomatic and strategic stakes of China’s involvement in cyberspace
ÉCOLE D’URBANISME DE PARIS Champs-sur-Marne, France
MASTER’S DEGREE IN URBAN PLANNING 2019 – 2020
PARIS 1 PANTHÉON-SORBONNE UNIVERSITY Paris, France
BACHELOR’S AND MASTER’S DEGREE IN GEOGRAPHY 2013 – 2017
SKILLS AND INTERESTS
● Technical: Python (beginner), MITRE ATT&CK, Maltego, Office 365, Agile, Scrum, ArcGIS, QGIS
● Languages: French (native), English (TOEIC 2019: 915/990), Mandarin (B1), Spanish (B1), Russian (beginner)
● Interests: defense, politics, academic research (press, conferences, life-long learning)
● Volunteering: Cyber Peace Institute (conduct phishing exercices and cybersecurity awareness trainings

View all jobs