GRC Security and Access Governance Analyst

About The Position

Requirements

• 3+ years of experience in a GRC or information security role
• Experience with Identity & Access Management tools
• Experience working with business process owners
• Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience)
• Strong understanding of SOX access control principles and best practices
• Knowledge of risk management frameworks
• Demonstrated ability to manage medium complex projects
• Strong interpersonal and communication skills, with the ability to collaborate effectively

Nice To Haves

• Experience in a regulated public company is preferred
• Certification in CISA or CISSP preferred

Responsibilities

• Risk Assessment
• Conduct regular risk assessments to identify and evaluate potential threats and vulnerabilities
• Analyze security controls, policies, and procedures to identify gaps and weaknesses
• Develop risk matrices and prioritize risks based on likelihood and impact
• Access Governance
• Design and maintain access governance frameworks, policies, and procedures to ensure appropriate and least-privilege access across all systems and platforms
• Oversee user provisioning, deprovisioning, and access modification processes to ensure timely and accurate execution
• Conduct and manage periodic user access reviews and certifications, ensuring individuals hold access privileges appropriate to their roles and responsibilities
• Identify and remediate segregation of duties (SoD) conflicts and other access control violations
• Partner with the IAM team to continuously improve access governance processes, tooling, and automation
• Assist in the implementation and maintenance of IAM systems(Okta, ConductorOne) and processes
• Certify access reviews and recommend changes as needed
• Compliance Management
• Ensure compliance with relevant regulatory and industry frameworks (e.g. SOC2, ISO 27001, PCI DSS, SOX 404, GDPR, CCPA)
• Develop and maintain compliance documentation and evidence
• Policy Development and Enforcement
• Assist in the development, implementation, and maintenance of information security policies including building relevant procedures to meet policy objectives
• Ensure adherence to established policies and procedures by conducting regular audits and reviews
• Identify and address non-compliance issues
• Security Controls
• Assist in the development, implementation, and maintenance of security controls
• Review and evaluate the effectiveness of existing controls
• Identify and address control deficiencies
• Incident Response
• Contribute to incident response plans and procedures related to information security incidents
• Assist in the investigation and remediation of security incidents

Benefits

• Exceptional health, vision, and dental care
• Opportunity for equity ownership
• Life and AD&D, short- and long-term disability
• Employee Assistance Program
• Employee Resource Groups
• Fun company outings and events
• Unlimited PTO
• 401K with company match