Cybersecurity Analyst

  • Contract

Job Description

Title: Infosec Analyst

Start: ASAP

CJIS required: YES

Client is seeking a Cybersecurity Analyst - Governance, Risk, & Compliance (GRC) to join our team. Now is a great time to join Universal Services as we enhance critical services to County residents and internal customers!

Key Responsibilities:

Governance

•  Assist in the development, maintenance, and enforcement of security policies, standards, and procedures.

•  Participate in the creation and management of the organization’s information security governance framework.

•  Monitor the effectiveness of cybersecurity controls and propose improvements.

Risk Management

•  Conduct risk assessments for systems, vendors, and processes to identify vulnerabilities and areas of non-compliance.

•  Maintain a risk register and track remediation efforts for identified risks.

•  Support business units in developing risk mitigation strategies and action plans.

 

Compliance

•  Ensure compliance with industry standards, regulatory requirements, and frameworks (e.g., NIST CSF, ISO 27001, HIPAA, PCI-DSS, CJIS, GDPR).

•  Assist with internal and external audits, including evidence collection and audit readiness.

•  Develop and maintain metrics and dashboards to report on compliance status and risk posture to stakeholders.

 

Third-Party Risk

•  Conduct due diligence and security assessments for third-party vendors and service providers.

•  Maintain documentation and track remediation efforts related to vendor risk management.

 

Training & Awareness

•  Contribute to the development of security awareness training materials.

•  Promote cybersecurity awareness across the organization to foster a culture of security.

Continuous Improvement

•  Monitor emerging cybersecurity threats, trends, and regulatory changes.

•  Recommend and implement improvements to the GRC program in alignment with industry best practices.

Qualifications

Requirements

Education: A High School Diploma or GED accompanied by a recognized cybersecurity certification (e.g., Security+, SSCP, or equivalent), or a Bachelor’s degree in a related field such as Cybersecurity, Information Technology, or Information Systems.

Experience:

•  2–5 years of experience in Governance, Risk, and Compliance (GRC), cybersecurity, IT audit, or risk management.

•  Hands-on experience with GRC tools (e.g., Archer, ServiceNow GRC, MetricStream).

•  Familiarity with security and privacy regulations and frameworks (e.g., NIST, ISO, GDPR, HIPAA, SOC 2).

Skills and Competencies

•  Strong analytical, organizational, and problem-solving skills.

•  Ability to communicate effectively with technical and non-technical audiences.

•  Knowledge of cybersecurity principles, risk management practices, and regulatory environments.

•  Proficient in Microsoft Office 365, including Excel, PowerPoint, and SharePoint.

•  Ability to work independently and collaboratively in a fast-paced environment.

Preferences

•  Industry certifications such as CISSP, CISA, CRISC, Security+, or ISO 27001 Lead Implementer/Auditor are highly desirable.

•  Demonstrated passion for cybersecurity, risk reduction, and continuous professional development.

•  Strong attention to detail with an emphasis on accuracy and quality.

•  Excellent communication and interpersonal skills with a collaborative, team-oriented approach.

Additional Information

All your information will be kept confidential according to EEO guidelines.