Sr. Cybersecurity GRC Analyst

About the job

Job Description

Position Summary

The Sr Cybersecurity GRC Analyst will be a senior team member leading and supporting the creation and adoption of security controls, policies, and processes throughout Bose’s organization. This role will provide expertise in multiple areas within Cyber GRC including cyber risk management, third-party risk management (TPRM), and regulatory compliance. This position requires strong written and oral communication skills, as well as the ability to communicate detailed, technical information in a manner comprehensible by individuals at varying degrees of experience and skill level. The role requires the ability to speak confidently in front of large groups and with corporate management, vendors, and service providers.

Primary Responsibilities

• Provide subject matter expertise across key Cyber GRC risk areas including risk assessment methodologies, Identity and Access Management (IAM), cloud/SAAS, Data Loss Prevention (DLP), networks, systems design and operations, and incident management.
• Lead and implement enterprise-wide strategies and key initiatives/projects focused on the reduction of technology risk.
• Support cybersecurity risk, regulatory, and compliance objectives to reduce risk posture via standards, procedures, and controls.
• Continuously identify areas of improvement, create action plans, and execute to implement changes in a timely manner.
• Provide expertise in Bose’s Cyber GRC platform to operationalize TPRM, Risk Management and other similar functions.
• Domain knowledge across the following cybersecurity capability areas: Cybersecurity Compliance and Regulations, Policies and Procedures, Risk Management (third parties and insider risk), and Cybersecurity Training and Awareness.
• Collaborate with multiple stakeholders including Enterprise Risk, Information Technology (IT), and Product Security to develop roadmaps and strategies as they relate to Cyber GRC activities.

Qualifications

• BS/MS/Ph.D. in Computer Science, Computer Engineering, Mathematics, Business Administration, or equivalent is a plus, but not required; practical experience will be taken into consideration.
• 5+ years of experience in a Sr. Cybersecurity GRC role.
• Expertise utilizing Cyber GRC Platform (OneTrust, ServiceNow, etc.) for TPRM, Risk Management, and other similar functionality.
• Experience in policy creation, security control definition, risk management-related technologies, and security governance processes.
• Ability to evaluate risks and communicate security topics in the form of business value and business impact.
• Experience in security awareness and training program development and administration.
• Process-oriented and ability to build consensus among senior leaders within the organization on security policies, processes, and procedures.
• Deep knowledge of cybersecurity risk frameworks (e.g., NIST CSF)
• CGRC, CISSP, CRISC, PMP, or equivalent industry certification.

Location:

• Boston, MA or surrounding area.
• Options for remote work from home available (it is about impact, not location)

Bose is an equal opportunity employer that is committed to inclusion and diversity. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status, or any other legally protected characteristics. For additional information, please review: (1) the EEO is the Law Poster (http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf); and (2) its Supplements (http://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm). Please note, the company‘s pay transparency is available at http://www.dol.gov/ofccp/pdf/EO13665_PrescribedNondiscriminationPostingLanguage_JRFQA508c.pdf. Bose is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the application or employment process, please send an e-mail to [email protected] and let us know the nature of your request and your contact information.protected characteristics. For additional information, please review: (1) the EEO is the Law Poster (http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf); and (2) its Supplements (http://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm). Please note, the company‘s pay transparency is available at http://www.dol.gov/ofccp/pdf/EO13665_PrescribedNondiscriminationPostingLanguage_JRFQA508c.pdf. Bose is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the application or employment process, please send an e-mail to [email protected] and let us know the nature of your request and your contact information.