remote
Information Security GRC Analyst Contract - Wells Fargo
Software Engineer
Contract analyst responsible for supporting information security GRC initiatives, conducting risk assessments, auditing controls, and applying NIST and ISO 27001 frameworks to improve security processes.
About the role
Key Responsibilities
- Assist in low to moderately complex information security projects, identifying process improvement opportunities.
- Review, analyze, and document security findings from risk assessments, vulnerability scans, and compliance audits.
- Apply NIST, ISO 27001, and other security frameworks to evaluate controls and recommend remediation.
- Support the development and maintenance of GRC artifacts, policies, and procedures.
- Collaborate with cross‑functional teams to ensure security requirements are integrated into business initiatives.
Requirements
- 2+ years of experience in information security, risk management, or compliance.
- Hands‑on knowledge of NIST, ISO 27001, or similar security frameworks.
- Experience conducting vulnerability assessments and security audits.
- Strong analytical and documentation skills with the ability to communicate findings to technical and non‑technical stakeholders.
- Relevant certifications (e.g., CISSP, CISM, CRISC) are a plus.