
Security GRC Summer Intern

Company not shown
San Francisco, United States
Internship, Security, English

Job description:

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Job Details

Security GRC Summer Intern
Team Overview
The Governance, Risk and Compliance (GRC) team provides the full range of GRC services to the organization. These services include policy and standards creation and management, compliance readiness, risk assessments, vendor assessments, and issues and exceptions management.

The intern on the team may work on a variety of different projects, depending on the team within GRC, including: conducting audit fieldwork, coordinating and following up on risk assessments with technical teams, managing issues and exceptions, and contributing to the improvement of our ISO program and GRC data automation processes. This requires technical background knowledge and the ability to learn new technical concepts and apply risk and control framework knowledge. This also requires exceptional analytical, verbal and written communications skills and an ability to create and foster strong relationships with cross-functional partners.

Minimum Qualifications
* Pursuing a BS/MS in Information Security or related degree
* Basic knowledge in security governance, risk and compliance frameworks and management
* Ability to communicate and work collaboratively with multiple levels in the technology organization
* Excellent interpersonal and relationship skills
* Excellent presentation, facilitation and communication skills
* Execution oriented and a self-motivator
* Excellent documentation skills for all tasks
* Ability to work alone, in a group, and with guidance to make decisions
* Ability to think critically and analyze problems
* Able to articulate situation, challenges, risks, and see intersection of compliance impacts

Preferred Qualifications
* Knowledge and exposure to Information Technology compliance and risk management frameworks (NIST 800-53, ISO Annex A controls, SOC 2 Control Criteria, etc.)
* Security knowledge (OWASP top 10, etc.)
* Exposure to Information Technology Auditing
* Exposure to enterprise GRC tools (Metricstream, Archer, etc.)
* Maintains an up-to-date understanding of industry best practices.
* Exposure to Agile practices and tooling (Jira, etc.)
* Demonstrate security interest and willingness to grow GRC focus areas (e.g. certifications)
For GRC Orchestration team:
* Participate in Security Risk Assessment workshops and interviews with technical teams, engineers and developers.
* Investigate, process Security Issues and Exceptions and provide visibility to leadership.
* Coordinate with Security Assurance, Control Owners, Business units/stakeholders on Corrective action plan, follow up, validation and resolution of issues, exceptions and extensions identified.
* Support service-level agreements (SLAs) to ensure that security controls are managed and maintained.
* Review corrective action plans provided by the stakeholders.
* Collaborate with the design team to improve the efficiency of the IEM/RM workflow.
* Document risks and control gaps resulting from workshops and interviews with technical teams, engineers and developers or review of supporting documentation.
* Prepare and maintain reports, dashboards, process flows and presentations in a timely and accurate manner.
For GRC Compliance:
* Participate in compliance external audits with control owners and business units/stakeholders to support the timely and high-quality execution of certification programs.
* Obtain and analyze control process policies, standards and supporting documentation.
* Identify and document gaps or risks in existing control processes and work to develop solutions with internal business partners.
* Build strong relationships with business partners and help facilitate continuous improvement aligned with operational processes.
* Collaborate with team to effectively communicate program execution status, key accomplishments, and risks to management both within GRC and to our business partners.
For GRC Policy and Governance:
* Work with Engineering teams to figure out how to deliver security requirements within their tools in a usable and meaningful way
* Identify areas of improvement for how information security standards are structured and managed to increase usability and ease of use from end user feedback
* Create dashboard to help manage and provide visibility into the current state of the (COMPANY NAME) ISMS program
* Determine areas for automation and process improvement in the Security Steering Committee Program
* Perform root cause analysis of security requirement failures and create action plans for improvement areas
For Controls Assurance:
* Participate in Third Party Vendor Assessments and coordinate with third party vendors, Control Owners and Business Units/stakeholders on control processes.
* Assess Third Party Vendors for compliance with contractual agreements and compliance requirements.
* Participate in Internal Controls Testing and interviews with Control Owners.
* Obtain and analyze control process policies, standards and supporting documentation.
* Help identify and track risks and control gaps resulting from assessments and interviews with Third Party Vendors, Control Owners and Business Unit stakeholders or review of supporting documentation.
* Prepare and maintain documentation, reports, process flows and presentations.
* Perform anomaly investigations to identify early warnings of control risk.
For Evaluation and Integration:
* Assist in scoping and planning readiness/external audit work.
* Status reporting and tracking of ongoing assessments.
* Review and assess gaps and gap remediations.
* Participate in readiness/external audit walkthroughs.
* Assist in program process improvements, metrics, and program planning as needed.

Accommodations - If you require assistance due to a disability when applying for open positions, please submit a request via this Accommodations Request Form.

Posting Statement

At (COMPANY NAME) we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at (COMPANY NAME) and explore our benefits.

Sxxxxxxxxx.xxm and (COMPANY NAME).org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Sxxxxxxxxx.xxm and (COMPANY NAME).org do not accept unsolicited headhunter and agency resumes. Sxxxxxxxxx.xxm and (COMPANY NAME).org will not pay any third-party agency or company that does not have a signed agreement with Sxxxxxxxx.xxm or (COMPANY NAME).org.

(COMPANY NAME) welcomes all.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, (COMPANY NAME) will consider for employment qualified applicants with arrest and conviction records.

Source: Company website
Published: 07 Oct 2020
Offer type: Internship
Languages: English