Sr. Analyst Cybersecurity - GRC Job Listing at NRECA in Arlington, VA (Job ID R2025-754)

Description

Job Description

NRECA is a unique national trade association providing advocacy, financial services and business support services to over 900 consumer owned electric cooperatives across the country.  NRECA employees are united by our mission, inclusive culture, collaborative workplace and commitment to service excellence.  As a “best place to work” employer, we operate with integrity, transparency and a spirit of innovation.

Summary of Position

Join IT at NRECA where we are more than a team, we are a community. Guided by the core tenets of Simplicity, Security, Continuity, Transparency, and Flexibility, we strive to deliver business value through collaboration, ideation, and innovation. Become an integral part of a community driven to continuously improve our processes and transform how we work – in partnership with our colleagues and in service to our members.

We are looking for an experienced analyst to support our Cybersecurity Governance, Risk and Compliance (GRC) Team.  If you understand information security frameworks, standards and best practices and have experience conducting information security risk assessments, control audits and third-party risk assessments, we are looking for you! 

Key Responsibilities

• Advises IT and the business in accordance with legal, regulatory, contractual, policy, and standards requirements to identify, assess, and prioritize cybersecurity risks
• Leads activities related to compliance and issue management.
• Analyzes findings to identify vulnerabilities and opportunities to improve controls, governance, and risk mitigation.
• Leads monthly risk security meetings to report on activities and metrics and identifies potential risks and opportunities for improvement.
• Monitors and reports on conformance to the risk governance framework.
• Leads and develops third-party risk management policies and standards and advises on the annual third-party risk assessment plan.
• identifies and develops risk and control requirements for systems, data, and technical capabilities in the cloud, on-premises, and third-party vendors.

Required Qualifications and Skills

• Bachelor's in Computer Science, Management Information Systems, Information Security, or related field.
• 7+ years experience in IT and information security risk management, compliance, audit, and governance.
• 7+ years experience leading and conducting information security risk assessments, control audits, and third-party security risk assessments.
• Strong technical knowledge of IT and information security technologies, including AWS, Azure, and M365.
• Experience with information security frameworks, standards, and best practices such as NIST CSF, NIST RMF, NIST 800-30, NIST 800-53, NIST 800-171, HIPAA, SOC2, CIS, ISO 27001/27002, and COBIT.
• Experience with GRC tools, reports and dashboards development, and compliance automation.
• Ability to develop and recommend solutions appropriate to the business, technology, and cybersecurity context.
• Ability to work independently and proactively under minimal supervision.
• Ability to effectively convey complex information to technical and non-technical stakeholders.
• Excellent analytical and problem-solving skills and attention to detail.
• Ability to manage multiple projects with competing deadlines.
• Ability to communicate, both verbally and in writing, with a diverse range of audencies.
• Ability to report to the office when required.

Preferred Qualifications

Preferred Certifications:

• Information Systems Security Professional (CISSP)
• Risk and Information Systems Control (CRISC)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Manager (CISM)

Essential Physical Requirements:

• The worker is required to have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal and extensive reading.
• Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly to move objects. If the use of arm and/or leg controls requires exertion of forces greater than that for sedentary work and the worker sits most of the time, the job is rated for light work.

Disclaimer Statement: The preceding job description has been written to reflect management's assignment of essential functions. It does not prescribe or restrict the tasks that may be assigned.

Additional Requirement:

The preceding job description has been written to reflect management's assignment of essential functions. It does not prescribe or restrict the tasks that may be assigned.  All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.

NRECA is committed to working with and providing reasonable accommodation to individuals with physical and mental disabilities. If you need special assistance or an accommodation while seeking employment, please e-mail humanresources@nreca.coop or call: 703-907-5992 - NRECA Arlington Human Resources. Please call 402-483-9275 - NRECA Lincoln Human Resources, for Lincoln, NE employment opportunities. We will make a determination on your request for reasonable accommodation on a case-by-case basis.

The U.S. Equal Employment Opportunity Commission (EEOC) recently released the 'Know Your Rights' poster, which updates and replaces the previous "EEO is the Law" poster and "EEO Is the Law Poster Supplement". 

Pay Transparency Non-Discrimination. NRECA will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay. Please see the Pay Transparency Nondiscrimination Provision for more information.

E-Verify. As a Federal Contractor, NRECA is required to participate in the E-Verify Program to confirm eligibility to work in the United States. For information please click on the following link: E-Verify.

For more information about life at NRECA please visit www.Electric.coop.