The Governance, Risk, and Compliance (GRC) Analyst will play a critical role in our Information Security department. This position is responsible for documenting and tracking the status of our cybersecurity posture against the NIST Cybersecurity Framework and other regulatory controls. The GRC Analyst will also prioritize areas for improvement and drive advancements in those areas to ensure our organization remains compliant and continually improves in prediction/response to threat and regulatory landscapes.
JOB DUTIES AND RESPONSIBILITIES:
Documentation and Tracking:
Document and maintain records of compliance with the NIST Cybersecurity Framework and other relevant regulatory controls.
Track the status of compliance initiatives and report on progress to senior management.
Risk Assessment and Management:
Conduct regular risk assessments to identify vulnerabilities and areas of non-compliance.
Develop and implement risk mitigation strategies to address identified vulnerabilities.
Collaborate with Technology teams to address vulnerabilities by priority.
Compliance Monitoring:
Monitor compliance with industry regulations and internal policies.
Prepare for and facilitate internal and external audits related to information security.
Improvement Prioritization:
Identify and prioritize areas for improvement within the information security program.
Develop and execute plans to address these areas, ensuring continuous improvement in our security posture.
Collaboration and Communication:
Work closely with various departments to ensure compliance with security policies and procedures.
Communicate effectively with stakeholders to promote a culture of security awareness and compliance.
Support Internal and external audit teams for evidence of compliance and tracking remediation of any findings.
Reporting:
Generate regular reports on the status of compliance and risk management activities.
Present findings and recommendations to senior leadership.
Other duties as assigned.
MINIMUM ESSENTIAL QUALIFICATIONS:
Bachelor's degree or equivalent years of experience in Information Security, Computer Science, Information Technology, or a related field.
Proven experience within an information security role.
Knowledge of cybersecurity principles, practices, and technologies.
Familiarity with security frameworks and standards (e.g., NIST, ISO 27001).
Good understanding of networking protocols, systems, and applications.
Regular and reliable attendance.
PREFERRED QUALIFICATIONS:
Industry certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or CompTIA Security+.
Experience with Governance Risk & Compliance (GRC) platforms.
Familiarity with cloud security principles and practices.
Working knowledge vulnerability assessment tools.
Excellent communication and collaboration skills.
Ability to stay current with the evolving cybersecurity landscape.
EQUAL EMPLOYMENT OPPORTUNITY:
Targa Resources provides equal employment opportunities based on merit, experience, and other work-related criteria and without regard to race, color, ethnicity, religion, national origin, sex, age, pregnancy, disability, veteran status, or any other status protected by applicable law. We also strive to provide reasonable accommodation to employees’ beliefs and practices that do not conflict with Targa’s policies and applicable law. We value the unique contributions that every employee brings to their role with Targa.
