The Data Security Analyst is responsible for supporting the organization’s Governance, Risk, and Compliance (GRC) program through the review of ServiceNow GRC tickets, assessment of the associated risks, and preparation of clear, well-documented analyses. This role facilitates security exception reviews, maintains policy governance processes, and ensures organizational alignment with regulatory requirements and frameworks such as HIPAA and the NIST standards. The Data Security Analyst collaborates with leaders, business owners, and technical teams to drive effective risk management and maintain audit-ready documentation.
Think you’ve got what it takes?
Key Responsibilities
GRC Ticket Review & Risk Analysis
- Review, triage, and analyze GRC-related ServiceNow tickets.
- Identify and document risks, impacts, and business justifications.
- Draft clear and complete responses for requestors and stakeholders.
- Communicate updates, escalations, and decisions to leaders and service owners.
Security Exception Management
- Review and evaluate security exception requests to policies and standards.
- Determine impact and likelihood using approved methodologies.
- Document risk statements, compensating controls, and accountability expectations.
- Prepare and communicate risk acceptance recommendations to leadership.
- Analyze threats, vulnerabilities, likelihood, and impact to determine overall exposure.
- Draft risk assessment summaries, recommendations, and mitigation strategies.
- Maintain supporting documentation for audit and compliance review.
Policy & Procedure Governance
- Facilitate drafting, review, approval, and annual refresh of policies and procedures.
- Maintain version control, ensure every revision is documented, and produce finalized, clean versions for publication.
- Coordinate with policy owners to ensure alignment with internal standards and regulatory requirements.
Regulatory & Framework Alignment
- Interpret and apply NIST, HIPAA, and organizational control requirements.
- Ensure assessments and documentation reflect regulatory and framework expectations.
- Provide guidance on compliance requirements to stakeholders across the organization.
Knowledge Management
- Update and maintain Security Knowledge Articles within ServiceNow.
- Ensure articles are accurate, current, and accessible to users.
- Collaborate with subject matter experts to identify and close knowledge gaps.
Operational Support & Ad-Hoc Assignments
- Assist in audit preparation, compliance reporting, and evidence collection.
- Support continuous improvement initiatives within the GRC program.
- Respond to daily and ad-hoc requests from leadership and internal partners.
- Participate in team meetings, special projects, and GRC initiatives.
Performance Expectations
Quality & Accuracy
- Produces high-quality, complete, and well-organized risk analyses, assessments, and documentation.
- Ensures all work aligns with NIST, HIPAA, and internal policy requirements.
Timeliness
- Responds to ServiceNow tickets within defined SLAs.
- Delivers assessments and documentation by established deadlines.
- Communicates proactively regarding delays or issues.
Risk Judgment & Critical Thinking
- Applies consistent, well-justified risk ratings and identifies mitigation opportunities.
- Escalates high-risk items appropriately and collaborates effectively on resolutions.
Communication & Collaboration
- Drafts clear, professional communications for leaders, technical teams, and business owners.
- Works collaboratively across departments to resolve issues and drive outcomes.
Process Ownership
- Maintains updated knowledge articles, accurate documentation, and organized tracking.
- Demonstrates strong ownership of assigned GRC processes and tasks.
Professionalism & Reliability
- Maintains confidentiality and handles sensitive information responsibly.
- Consistently meets expectations with minimal rework and limited supervision.
Adaptability & Initiative
- Responds effectively to shifting priorities and ad-hoc needs.
- Demonstrates initiative by identifying risks early and suggesting process improvements.