GRC Interrelation Exercise Solution

Job Description Example

SwiftTech is searching for a GRC Analyst.

• This individual will be expected to partner with various stakeholders such as business leaders and IT resources to align security strategy with business strategy.
• The successful candidate will also be involved in the development of policies, procedures and training measures to assist the organization in reducing risk to support the development of a secure organization.
• The individual will also be expected to work primarily developing measurement and assessment for existing security controls and reporting results to stakeholders and IT leadership.
• It is expected that the individual will spend significant time understanding compliance and risk management concepts as they relate to the business so as to be able to effectively interact with business stakeholders and SMEs.
• Finally, this individual should be able to deliver communication effectively to various constituencies, whether through the development of polished training deliverables (e.g. user guides or a newsletter) or reports to operational security stakeholders as they relate to the outcomes form security control testing.

QUESTION:

How does this compare to what you wrote in your job description? What did you include? What did you leave out?