Infosec Governance Risk Compliance Analyst-Cruise Industry

One of our top clients has an opening for a contract Infosec Governance Risk Compliance Analyst, with an initial term of 4 months. Candidates will have experience in the following scope of work and the required skills/competencies:

We are seeking an Information Security GRC Analyst – Risk to assist in performing third party risk assessments and formalizing the information security risk register. The successful candidate will contribute to the development of an information security risk management function that supports the NIST CSF-based governance program across the enterprise. This position requires good communication, networking, and leadership presentation skills.
  • Collaborate with our business sponsors and third parties to initiate, conduct, and close assessments in a timely manner.
  • Communicate assessment requirements to business sponsors and third parties as part of the third party selection and onboarding processes, to maintain compliance with defined policies and procedures and regulations and to manage risk to the company.
  • Analyze internal controls and information security, compliance, and data protection programs of third parties to ensure company policies and standards are adhered to.
  • Ensure potential risks associated with software as a service (SaaS) technologies and interfaces to the company’s information are examined thoroughly.
  • Ensure compliance with Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI DSS), the General Data Protection Regulation (GDPR), and other regulations across the company's and third parties' technologies, services, systems, and integrations.
  • Review and assist with negotiations of third party contracts for information security, compliance, and data protection measures.
  • Collaborate with business and risk owners to analyze information security risks and determine Inherent and Residual Risk Scores.
  • Coordinate review of existing risks, along with their treatment plans, to ensure they are being managed in accordance with the company's policies and standards.
  • Provide guidance to business and risk owners in developing appropriate risk treatment plans that reduce risk to the organization.
  • Analyze and document cyber security threats specific to the organization.
  • Produce and interpret common cyber risk assessment and management reports.
  • Analyze information security metrics (KRIs, KPIs) and discern patterns in a variety of settings. Work with the processes and tools used to report information security KRIs/KPIs so that forecasts accurately align with the NIST CSF governance structure. Follow up on actionable items arising from KRI/KPI information.
  • Participate in the development of departmental IT infrastructure and policies based on business analysis. Generate status reports for management to ensure the implementation of IT security policies, standards, and procedures. Perform information gathering and research on key elements of IT security policies.
  • Analyze the purposes and responsibilities of security technology infrastructure across various functions. Identify the roles and responsibilities of the IT department.
  • Identify specific facilities and equipment used to provide physical security for corporate data. Explain the process and structure used to gain information access. Describe the roles and functions of various individuals in Information Security Administration. Describe basic concepts involved in securing electronic information.
  • Describe the rationale for the conduct of information security audits and discuss appropriate ways to answer information security questions concerning audit trails, availability, and confidentiality.
  • All candidates must be available to work our normal business hours of Monday-Friday, 9am – 6pm.
  • Some weekend and overtime work may be required.


  • At least 1 year of experience in one or both of the following fields: third party risk management (TPRM) and information security risk management.
  • 1-2 years of Information Security experience.
  • 1-2 years of experience in managing projects.
  • Experience in SOX and PCI-DSS controls.
  • Strong written and verbal communication skills required.
  • Ability to communicate in a manner appropriate to audience size or level and via multiple mediums.


  • Expert in the Microsoft 365 suite of applications, with the ability to convert raw technology metrics into meaningful management-level reports.
  • Ability to work with technical subject matter experts and translate information to non-technical employees and stakeholders.
  • Project management experience and the ability to prioritize and balance several projects simultaneously.
  • Display sound judgment with a high level of integrity and ethics, and the ability to calmly, diplomatically, and effectively handle stressful situations.
  • Demonstrate a degree of creativity with strong, analytical problem-solving skills.
  • Excellent verbal, presentation, and written communication skills for both technical and non-technical audiences.
  • High familiarity with ISO/IEC 27001/27002, NIST CSF, PCI DSS, and other industry standards and frameworks.


  • Bachelor's Degree in Information Technology, Computer Science, or Cyber Security is preferred; non-technical degrees with Computer Science fundamentals will be considered in combination with technology experience.


  • At least one Information Security certification (or working towards one) such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), etc. is required.

  • SSN verification
  • 5-year statewide criminal background check


  • Possible travel to Port Office (Miami)


  • $31.00 – $48.00 per hour, depending on experience.
  • We offer health, dental, and vision insurance.


  • Remote work is NOT available, local candidates only please.

No candidates through agencies and no C2C.

We are not sponsoring visas at this time.

