M
Posted 20 hours ago
Senior GRC Analyst
Morgan & MorganSenior GRC Analyst
Perks & benefits
Medical InsuranceHealth Insurance
Requirements
4-6+ years GRC/IT Audit experience, Vanta or GRC platform experience, ISO 27001, NIST CSF, CIS v8.1 knowledge, ISC2 CC/CCSP or ISACA CRISC/CISA certification, Bachelor's degree in technical field
Skills
GRCISO 27001NIST CSF
About the role
Responsibilities
- Build and own the end-to-end Third-Party Risk Management (TPRM) process from scratch
- Lead risk assessments for high-exposure vendor relationships
- Manage the full policy lifecycle including drafting, review, and firm-wide attestation
- Own the enterprise risk register, including methodology and scoring calibration
- Lead control testing and gap assessment using Vanta
- Assist in designing the security awareness program strategy and phishing simulations
- Serve as the primary point of contact for cyber insurance audits and regulatory inquiries
- Build GRC reporting suites for CIO-level consumption
- Coordinate with BC/DR, Crisis Management, and Privacy functions
Requirements
- 4–6+ years in GRC, IT audit, compliance, or information security
- Deep hands-on experience with a GRC platform (Vanta preferred)
- Strong knowledge of ISO 27001, NIST CSF, and CIS v8.1
- Required certifications: ISC2 CC/CCSP or ISACA CRISC/CISA (or CISSP/CISM)
- Experience leading external audits or client security due diligence
- Experience designing security awareness programs
- Bachelor's degree in Information Security, Risk Management, Computer Science, or related field
About the Company
Morgan & Morgan is one of the largest plaintiff law firms in the country, with over 6,000 employees and 100+ offices, dedicated to fighting for consumer rights.
ScoutJobs Agent
Get matches like this delivered daily
Sign up free — we'll pull jobs that fit your CV from across the web and rank them for you.
Get started — it's freeSenior GRC Analyst
Morgan & Morgan · Orlando
