GRC Technical Incident Response Analyst (Unpaid Volunteer Position)

Location: Remote

Reports to: GRC Manager

Time commitment: minimum 20 hours weekly

Headcount: 1 person

Summary:

We are looking for a highly motivated and detail-oriented Governance, Risk, and Compliance (GRC) Analyst with a strong background in technical incident response. The ideal candidate will help build and mature our security programs, focusing specifically on our event technology infrastructure, while also playing a key role in responding to and mitigating technical security incidents.

Job Descriptions:

• Perform security risk assessments, including third-party and vendor risk management, to identify vulnerabilities and mitigate threats related to events, data handling, and technology infrastructure.
• Conduct risk modeling and incident response exercises specific to live events, such as mitigating risks from public Wi-Fi, phishing during registration, and protecting sensitive users and clients data.
• Serve as an escalation point for the Security team, leading the end-to-end incident response process from detection and analysis to containment, eradication, and recovery.
• Assist technical security requirements into effective, actionable security policies, standards, and procedures.
• Develop and report on key security metrics, including those related to incident response performance (e.g., detection time, resolution time), for management and governance committees.

Candidate Qualifications:

• A bachelor’s degree in a technical field like Computer Science, Cybersecurity, or Information Technology is typically required.
• Have a strong foundational knowledge of IT and cybersecurity principles, including security controls, networking concepts, and operating systems.
• Skills in digital and network forensics for investigating data breaches and analyzing malware.
• In-depth knowledge of major security frameworks(NIST, ISO) is critical.