The governance, risk and compliance (GRC) security analyst is a highly respected, influential and in-demand role within the business. The position is responsible for supporting the security direction of the business and elevating the company’s security posture. The GRC security analyst is expected to support the security strategy of the business within new and existing information system capabilities. Consequently, the position requires an understanding of both legacy systems and new technologies and requirements. The GRC security analyst is also responsible for the planning and design of policies and maintenance.
The ideal candidate is technical and possesses at least five years of experience in security, compliance or risk management. The role oversees the business’ security requirements and obligations mandated by standards and regulations such as the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX), ISO/IEC 27001 international standard to manage information security, and Payment Card Industry Data Security Standard (PCI DSS). In tandem with security leadership, the GRC security analyst consistently assesses and validates the assurance of the security program. The GRC security analyst monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the security team, the GRC security analyst must focus on strong risk management and corporate resiliency, and not be driven solely by compliance.
- Develop a learning and awareness program to cultivate a culture of cybersecurity within Lennar. Educate Lennar associates and contractors on security threats and how to defend against them.
- Provide technical expertise with the design, deployment, and maintenance of Lennar’s security solutions to encompass compliance management frameworks, policies, standards, and best practices in support of the Information Security Governance, Risk Management and Compliance Programs.
- Responsible for assisting in the identification, analysis, and assessment of information risk scenarios.
- Provide expertise and guidance to reduce Lennar's security risks, and ensure controls are applied to meet legal and regulatory compliance.
- Provide security expertise and guidance around security issues and recommend solutions to mitigate and eliminate compliance risks to Lennar information assets.
- Implement solutions in alignment with IT strategy and standards.
- Measure and assure that controls are in place and managed properly to meet legal and regulatory compliance for the protection of all Lennar’s information and physical assets.
- Participate in technology evaluations of risk and controls, particularly when evaluating the risk and controls of high-risk systems and applications.
- Contribute to education and advisory services to applications/systems/data owners and help them understand control objectives, control design, and how to evaluate control operation effectiveness.
- Support effective communication between the internal/external audit and information security team, IT operation and other departments and/or business units.
- Apply and maintain understanding of security standards and best practice frameworks. Industry-specific standards and frameworks experience desirable.
- Understand the company's philosophy on diversity in the workplace.
Education and Experience Requirements:
- Bachelor’s degree in any technology-related field or a certification is required.
- 2-3 years of experience supporting information technology or security technologies or services in mid to large-scale enterprise environments. Comparable experience and transferable skills are acceptable.
- Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
- Experience in policy and control development as it relates to meeting compliance requirements from relevant regulations such as SOC, FFIEC, PCI and others.
- Supports identifying and analyzing emerging and advanced threats.
- Participates in working across teams to resolve security issues.
- Proficient in writing and oral presentation skills.
- Ability to explain technical security issues confidently and simply without hype or buzzwords.
- Ability to deal effectively with a wide range of vendors, service providers, and regulatory agencies.
- Ability to facilitate productive meetings and work successfully in a team-oriented environment.
- Can work with technical and non-technical business owners to develop solutions.
- Ability to exercise sound judgment in complex situations.
- Strong problem solving and decision-making skills.
- Handle multiple competing priorities in a fast-paced environment.
- Strong commitment to customer service.
- Results oriented, high energy, self-motivated.
- Ability to work well under minimal supervision.
- Ability to work under pressure and maintain composure and professionalism in a developing environment.
- Some travel may be required for internal, conference, customer, partner and vendor meetings.
- Job Knowledge - Continuously enhances overall knowledge and seeks out new learning opportunities. Understands the elements of People, Process, Technology as part of solutions.
- Attitude - Demonstrates optimism, persistence, positive attitude and displays loyalty to the organization.
- Accountability - Accepts responsibility for own actions and decisions. Readily coachable and able to be developed. Fully engages in work and helps at all levels.
- Communication - Effectively conveys information and expresses thoughts and facts. Demonstrates effective use of listening skills and displays openness to other people’s ideas.
- Teamwork / Collaboration - Works cooperatively and develops effective working relationships across the organization. Champions team success over personal success. Openly shares information, opinions, and ideas with others.
- Integrity & Trust - Presents the truth in an appropriate and helpful manner, keeps confidences, admits mistakes, and doesn’t misrepresent for personal gain. Always suggests and defends the concepts of right and wrong behavior.
- Customer Focus - Meets and exceeds the needs of customers, both internal and external. Continually seeks to provide the highest quality service.
- Action Oriented - Driven to achieve and be successful in any task. Works at a high level of efficiency and is able to prioritize work and focus on the most important items first.
- Problem Solving & Creativity - Makes sound, logical decisions based on facts. Utilizes resources to apply practical and creative solutions. Openness to new approaches and ideas.
This is primarily a sedentary office position which requires the incumbent to have the ability to operate computer equipment, speak, hear, bend, stoop, reach, lift, and move and carry up to 25 lbs. Finger dexterity is necessary.