Sr. IT GRC Policy Analyst

Senior IT GRC Policy Analyst

Hybrid - once a week onsite in Boston

Long term - renews every June 30

The Senior IT GRC Policy Analyst works to provide IT policies aligned with NIST security controls for the client. This position will helm all policy work including tracking and updating current policies, managing policy exceptions, and providing metrics and reporting on policy work. This position will also manage the cybersecurity awareness training program which includes annual training, phishing training, and specialty training for specific groups within the client.

Responsibilities

• Oversee and manage all policies including revisions

• Develop and manage the policy exception process including metrics and reporting

• Coordinate with key stakeholders on policies and standards.

• Research and evaluate policies to ensure they are current and follow all applicable laws, regulations, and guidelines

• Identify and implement GRC security controls based on the NIST framework

• Manage the cybersecurity awareness program including annual training, phishing training, and special group training

• Collaborate within the GRC team on larger GRC projects around risk analysis and compliance requirements

Preferred Skills

• 3-to-5 years experience working with NIST Cybersecurity Framework, and familiarity with NIST 800-53 Rev. 5

• 3-to-5 years experience managing a policy program including updating current policies, tracking exceptions, and developing and reporting out metrics

• 3 -to-5 years experience working with security content platforms and developing curricula for cybersecurity training

ManpowerGroup is committed to providing equal employment opportunities in a professional, high quality work environment. It is the policy of ManpowerGroup and all of its subsidiaries to recruit, train, promote, transfer, pay and take all employment actions without regard to an employee's race, color, national origin, ancestry, sex, sexual orientation, gender identity, genetic information, religion, age, disability, protected veteran status, or any other basis protected by applicable law.