GRC Analyst
About The Position
We are seeking a detail-oriented Governance Risk and Compliance (GRC) Analyst to join our Security and Compliance team. The GRC Analyst will work in a collaborative fashion with our internal teams and external partners to manage Security & Compliance risk. Our preference for this role is those who have solid experience in technology, information security or compliance, and have significantly contributed to SSAE18, SOC 2, Payment Card Industry (PCI) ROC and/or ISO 27001 audits. We're looking for team players who want to challenge themselves within a growing company, and are as comfortable talking with senior management about information risk, as they are with IT staff. Therefore, if you thrive in a dynamic environment, then maybe you are the one we’re looking for! This position is a remote position reporting to the Senior Director of Governance, Risk & Compliance
Requirements
- Direct experience with achieving successful annual PCI Compliance, SSAE18 SOC 2 attestations and/or ISO 27001 certifications
- 1-3 years of experience leading information security audits with a preference for IS0 27001 and SOC 2 audits or assessments
- 1-3 years of experience as an IT, security or compliance analyst, with experience developing security strategy and policy.
- Experience authoring policies and procedures
- Solid knowledge of ISO 27001, NIST 800-53, NIST 800-171, NIST CSF
- Experience with full Governance, Risk Management and Compliance Lifecycle
- Personal integrity
- Self-motivated, self-disciplined, and self-governed. You hold yourself to a higher standard than others.
- Highly consultative and collaborative nature.
- Excellent communications and presentation skills, with the ability to convey complex technology concepts to non-technology stakeholders.
- The discipline to work effectively from remote location.
- Degree in computer science, information systems, information security, or a related discipline. Equivalent work experience will also be considered
- Experience with Payment Card Industry (PCI) Compliance
- Excellent analytical and stakeholder engagement skills
- Strong organization and planning skills
- Successfully pass background check
- Must be able to lawfully work within the US and have unrestricted work authorization for US
- Ability to travel up to 15% if required
Responsibilities
- Conducts audits of internal information security, compliance and privacy processes.
- Ensures timely resolution to all audit and risk assessment findings or issues.
- Manages OneTrust GRC reporting portal.
- Appropriately communicates audit reports, gaps or recommendations to company management, and tracks any open concerns or questions to resolution.
- Identifies potential technologies, processes or solutions that could improve the security posture of the company
- Contributes to the development of security standards, access controls, and compliance requirements of applications, network infrastructure, servers and workstations.
- Serves as subject matter expert regarding information security and compliance policy
- Maintains awareness of current and emerging threat landscapes
- Assists in reporting security & compliance metrics to management.
- Supports additional audit and governance functions as assigned
- Earns the trust and respect of the Direct Travel team.
- Grows into a role with increasing responsibility
Benefits
- Medical
- Dental
- Vision benefits
- employee rewards and recognitions program
- Total Rewards Package which includes Wellness, Sustainability, DE&I initiatives, and Mental Health Support
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Entry Level
