Title: Sr. GRC Analyst
Location: Boston, MA -Hybrid
Duration: 6 Months with a possible extension
Visa – No H1-B
Must be fully vaccinated
1 day onsite per week
37.5 Hours work week paid
Minimum Requirements
The IT policy analyst works to provide IT policies aligned with NIST security controls for the MBTA. The IT Policy Analyst will work within the Enterprise Risk Management platform to manage policies, security control gaps, and dashboard/metric tracking. The GRC Policy Analyst will also work with MBTA-specific IT policies outside of the scope of NIST such as mobile device management, and data governance.
Responsibilities
- Oversee and manage NIST policy approvals and implementation at the MBTA
- Manage NIST policies within the ERM platform
- Coordinate with key stakeholders for non-NIST policies
- Research and evaluate policies to ensure they are up-to-date with current NIST guidance
- Stay aware of policy trends and new laws/guidelines from the Federal to state and local level
- Identify and implement GRC security controls based on the NIST framework.
- Manage and implement the cybersecurity awareness program including annual training, AUP acknowledgement tracking, and phishing training
- Collaborate with the GRC IT Risk Analyst on various projects for the GRC Department.