About this role
Analyst, Information Security GRC supports ICE’s global Information Security program within Governance, Risk, and Compliance. The role runs security metrics reporting, policy/procedure mapping, regulatory/audit inquiry documentation, and recertification and access review workflows, while operating the risk assessment platform.
Key Responsibilities
- Produce security metrics reports
- Maintain and map information security policies to control standards
- Support regulator/audit/customer inquiry documentation and responses
- Operate recertification and access review processes
- Build and operate the risk assessment platform for assessments, risks, controls, findings, and remediation
Technical Overview
This role uses automated and manual reporting to communicate security program status and maintains alignment between security policies and control standards. It operates risk assessment and remediation tracking using GRC Platforms, Excel, workflow automation tools, and data processing techniques (data normalization, indexing, correlation, visualization) with scripting (regular expressions and string-parsing) and light SDLC familiarity.
Ideal Candidate
The ideal candidate is an Information Security GRC Analyst who can support the global security program by producing security metrics, maintaining and mapping security policies to control standards, and running recertification and access review processes. They should be comfortable working with risk assessment documentation and remediation tracking using GRC platforms, Excel, and light scripting techniques.
Must-Have Skills
University degree in Information SecurityEngineeringMISCISor related discipline or equivalent years of experience requiredSecurity Metrics - Uses automated and manual processes to produce regular reportsPolicies and Procedures - Maintains corporate Information Security policies and departmental procedures and maps them to relevant control standardsRegulatorAuditand Customer Inquiries - Organizes and updates departmental documentation and responds to inquiries in an organized and repeatable fashionRecertification - Operates periodic processes to ensure hiretransferand termination protocols are complied with and regular access reviews are conductedRisk Assessment - Builds and operates the company platform to documentmeasureand report assessmentsriskscontrolsfindingsand remediation activity
Nice-to-Have Skills
Experience with Systems Administration and/or IP NetworkingExperience with Regulatory ComplianceExperience in an exchangetrading facilityor financial servicesExperience with senior management and board metrics generation and communicationAdvanced certifications (for examplethe CISSP)Advanced technical writing and/or communication education and experience
Tools & Platforms
ExcelWorkflow automation toolsGRC PlatformsNIST Cyber Security FrameworkCIS
Required Skills
Security Metricsautomated and manual processesInformation Security policiesPolicies and Proceduresregulator audit and customer inquiriesrecertificationhire transfer and termination protocolsaccess reviewsSecurity Awarenessrisk assessment platformassessmentsriskscontrolsfindingsremediation activitysystems administrationIP networkingregulatory complianceexchange trading facility financial services experiencesenior management and board metrics communicationadvanced technical writing and communicationExcelWorkflow automation toolsdata collectiondata normalizationindexingcorrelationvisualizationscriptingregular expressionsstring-parsinglight SDLCproject managementNIST Cyber Security FrameworkCISGRC Platforms
Hard Skills
Security metrics reportingAutomated and manual processes to produce regular reportsInformation Security policies maintenancePolicies and Procedures mapping to control standardsRegulatorAuditand Customer Inquiries documentation management and responseRecertification processesHiretransferand termination protocolsAccess reviewsSecurity awareness and education programsRisk Assessment platform operationsAssessments documentationRisks measurementControls documentationFindings trackingRemediation activity trackingUniversity degree in Information SecurityEngineeringMISCISor related discipline (or equivalent years of experience required)Systems AdministrationIP NetworkingRegulatory ComplianceExchangetrading facilityor financial services domain knowledgeSenior management and board metrics generation and communicationAdvanced certifications (for exampleCISSP)Advanced technical writingTechnical communicationExcelWorkflow automation toolsData collectionData normalizationIndexingCorrelationVisualizationScriptingregular expressionsstring-parsinglight SDLCProject managementNIST Cyber Security FrameworkCISGRC Platforms
Soft Skills
Organized and repeatable inquiry responseCommunication with regulatorsauditorsand customersEducation and awareness buildingCross-functional collaborationCommunication with senior managementAttention to compliance detail
Keywords for Your Resume
AnalystInformation Security GRCGovernanceRiskand ComplianceSecurity MetricsPolicies and ProceduresRegulatorAuditand Customer InquiriesRecertificationaccess reviewsSecurity AwarenessRisk Assessmentvulnerability management programExcelWorkflow automation toolsData collectionData normalizationindexingcorrelationvisualizationscriptingregular expressionsstring-parsinglight SDLCproject managementNIST Cyber Security FrameworkCISGRC PlatformsCISSP
Deal Breakers
Must have a university degree in Information Security, Engineering, MIS, CIS, or related discipline or equivalent years of experience required, Must be able to perform Security Metrics and Risk Assessment responsibilities described
Get matched to jobs like this
Luna finds roles that fit your skills and career goals — no endless scrolling required.
Create a Free Profile