
This position requires - Clear Background, Drug Test, and Education Check.
Must be authorized to work in the US for any employer without Sponsorship.
(Principal Only! No Corp to Corp)
---------------------------------------------------------------------------------------------------------------------

Position Title: 579668-Senior Cybersecurity GRC Analyst
Location: San Jose, CA

Pay Rate: $85-$95

Contract Duration: 6 months contract

Description:

• Governance & Compliance Leadership:

  • Develop and manage the overarching Compliance Program to ensure alignment with industry standards (e.g., SOC2, NIST 800-171, ISO 27001, NIST 800-53).
  • Partner with IT Security Operations to ensure security controls are properly designed, implemented, and operating effectively.
  • Lead the end-to-end cybersecurity audit process (internal and external), including the preparation of response documentation and the execution of remediation plans.
  • Develop and distribute high-level information security reports and compliance dashboards to key stakeholders.

• Risk Management & Assessment:

  • Lead comprehensive cybersecurity risk assessments across the enterprise, identifying vulnerabilities and recommending prioritized mitigation strategies.
  • Develop and maintain the Corporate Risk Register, tracking risk acceptance, treatment plans, and residual risk.
  • Perform quantitative and qualitative risk analysis to inform executive decision-making and resource allocation.

• Identity & Access Governance:

  • Oversee and collaborate with stakeholders to execute quarterly user access reviews (UAR) and monthly user activity monitoring.
  • Ensure timely completion, technical accuracy, and rigorous documentation of all access reviews to meet audit requirements.
  • Analyze access trends and "over-privileged" accounts to recommend Least Privilege improvements and role-based access control (RBAC) refinements.

• Third-Party Risk Management (TPRM):

  • Own and maintain Third-Party Risk Management evaluation practices, ensuring vendors are vetted against corporate security standards to mitigate supply-chain risk.

• Policy & Process Engineering:

  • Author, maintain, and update information security policies and Standard Operating Procedures (SOPs) to ensure alignment with evolving industry standards.
  • Manage and govern Change Management processes to ensure security stability and compliance during technical transitions.

 

Location: Onsite at our San Jose office/headquarters 5 days a week

 

Requirements:  

• Experience: Minimum 10 years of experience managing Cybersecurity compliance programs from inception to completion.

• Technical Expertise: Hands-on experience with SOC 2 and a deep understanding of IT technical security controls.

• Framework Proficiency: Expert knowledge of industry-standard programs (e.g., ISO 27001, CIS v8.1, NIST 800-53, NIST 800-171, CMMC, FedRAMP).

• Analytical Skills: Strong analytical thinking with the ability to prioritize complex tasks within a fast-paced, evolving environment.

• Communication: Excellent interpersonal, verbal, and written communication skills, with the ability to work effectively as a team player or independently.

• Security Knowledge: A strong foundation in IT security concepts with a heavy emphasis on Security Risk Assessment.

• Certifications: Relevant professional certifications such as CISSP, CISM, or CISA.

Preferred Qualifications:

• Exceptional ability to tailor complex technical communication for both technical audiences and non-technical executive leadership.

 

We encourage Minorities, Women, Protected Veterans and Disabled individuals to apply for all positions that they may be qualified for. We maintain a drug-free workplace and perform pre-employment substance abuse testing and background checks.


------------------------------------------------------------------------------------------------------

If you are interested in this position, please submit your resume as a Word document, listing the month and year that you worked at each previous position, to Veronika@norlandgroup.com, and copy "579668-Senior Cybersecurity GRC Analyst" into the email subject line.

Or click this email link and attach your resume in MS Word document format.

Job Posted Date: 6/22/2026