About The Position

Provide professional information security services by applying expert knowledge of Information Security Management Systems and established information security controls across both technology and business processes. Work independently to interpret requirements and recommend effective control solutions that support risk reduction and compliance objectives. Support the development and enhancement of control management processes to ensure Encore business entities operate effective, well-evidenced information security controls that address operational risks, local regulatory and legislative obligations, corporate policies, and security best practices. Contribute to the consistent operation and continual improvement of the Information Security Management Systems by maintaining processes, standards and quality assurance activities related to risk management, audit readiness, awareness initiatives and corrective action management. Collaborate proactively with departments to provide clear, actionable information security guidance that enables informed decisions and fosters strong working partnerships.

Requirements

  • Applicants must have current authorization to work in the United States on a full-time basis.
  • EDUCATION: Bachelor's
  • FIELD OF STUDY: Cybersecurity, Information Technology or equivalent
  • EXPERIENCE: Minimum 5 years of experience in Information Security, with a strong focus on Governance, Risk, and Compliance.
  • CERTIFICATION(S): CompTIA Security+ or equivalent in experience.
  • KNOWLEDGE, SKILLS, ABILITIES, AND OTHER ATTRIBUTES: Proficiency in using GRC tools and software to streamline and automate risk and compliance processes (e.g., AuditBoard)
  • Skilled in audit management and experience liaising with third party auditors
  • Able to work in a complex, global environment, actively and effectively managing relationships with other business units and stakeholders
  • Knowledge of cybersecurity principles, best practices, and industry standards
  • Knowledge of governance, risk management, and compliance principles and practices
  • Skilled in communicating technical requirements with non-technical stakeholders
  • Strong oral and written communication skills
  • Strong problem solving and analytical skills
  • Strong time management skills, including effective responsibility prioritization
  • Strong analytical and problem-solving skills to identify and assess security risks and develop appropriate mitigation strategies
  • Knowledge of various cybersecurity frameworks such as NIST Cybersecurity Framework, ISO 27001, CIS Controls, etc.

Nice To Haves

  • EDUCATION: Bachelor's
  • FIELD OF STUDY: Cybersecurity, Information Technology or equivalent
  • EXPERIENCE: Over 5 years of experience in Information Security, with a strong focus on Governance, Risk, and Compliance.
  • CERTIFICATION(S): CompTIA Security+, Certified Information Security Manager (CISM), Certified in Governance, Risk and Compliance (CGRC), Certified Information Systems Auditor (CISA).
  • KNOWLEDGE, SKILLS, ABILITIES, AND OTHER ATTRIBUTES: Experience in technical Information Security roles a plus
  • Experience directly or indirectly managing team members
  • Strong understanding of cybersecurity principles, best practices, and industry standards
  • In-depth knowledge of governance, risk management, and compliance principles and practices
  • Ability to develop and implement risk assessment methodologies and compliance programs
  • Ability to successfully influence stakeholders in support of shared goals
  • Fluency in Spanish or French a plus

Responsibilities

  • Implement and maintain information security policies, standards, procedures, guidelines and training materials that support the delivery of the Encore ISMS.
  • Provide clear, actionable recommendations to promote effective governance of information security controls.
  • Serve as a key resource for GRC activities, building effective relationships with key business stakeholders, and collaborating closely with global risk and compliance teams.
  • Support the effective management of Information Security risk to deliver security through clear, consistent, and prioritized communication of key vulnerabilities and recommended mitigations.
  • Work with risk owners to support remediations required to bring residual risks in line with targets.
  • Perform regular audits of our InfoSec controls in line with policy and our ISMS; support control owners; document evidence; report findings; recommend actions; manage remediations.
  • Conduct regular and ad hoc risk reviews; prepare structured analysis for senior stakeholders/risk owners; provide prioritized recommendations, with options based on clearly communicated compensating controls, their impact, and effect on residual risk.
  • Contribute to the continuous service improvement efforts to ensure the ISMS remains effective and aligned with ISO 27001 requirements.
  • Apply subject-matter expertise in our chosen frameworks (ISO27001, NIST CSF and others), providing informed recommendations and sharing knowledge to support team learning and capability development.
  • Support the operation of the NIST CSF maturity model by evaluating control performance, preparing assessment materials, and communicating results to internal stakeholders to inform improvement planning.
  • Escalate identified security issues within required timescales and quality standards; recommend appropriate remediating actions and track progress towards closure.
  • Maintain and update all ISMS policies, procedures and relevant legislation; ensure ISMS documentation is up to date and accurate.
  • Provide GRC InfoSec support to the business outside of normal working hours in response to key incidents or event management practices.
  • Work collaboratively within the team, supporting other team members and covering periods of absence as required; carry out any reasonable instructions as directed by management in alignment with departmental goals.
  • Maintain working knowledge of data privacy laws and regulations relevant to the business.
  • Perform other duties as assigned.

Benefits

  • Pay and Bonuses: Earn a competitive salary. All employees are eligible for monthly incentives or an annual bonus.
  • Career Progression: Grow at MCM with paid training and development programs – including our very own MCM Academy – as well as a promote-from-within philosophy.
  • Reward and Recognition: We are committed to honoring great results – ranging from informal accolades to formal company-wide awards and prizes like all-inclusive vacations.
  • Tuition Assistance: Pursue a degree or coursework related to your current role, or the role you are striving for.
  • Healthcare Insurance: Take advantage of comprehensive healthcare plans and options to ensure your continued health, plus fitness membership reimbursements, Weight Watchers, our wellness rewards program and more.
  • Volunteering Opportunities: Enjoy up to eight hours of paid time off each year to volunteer. We also offer volunteer grants and matching financial donations, up to US$ 2,500 per employee annually.
  • Retirement Savings: Build a strong financial foundation and reach your goals for the future. With all the effort you invest in us, we’re proud to invest in you.
  • New Family Support: Celebrate your new arrival with company paid leave, new parent flex time, and child back-up care options.
  • Team-building: Enjoy experiences that inspire bonds with your colleagues through a wide range of company-sponsored team-building events, such as holiday celebrations and department outings.
  • Work-Life Balance: Enjoy paid and floating holidays, as well as generous paid-time-off.
  • Our compensation and benefits programs were created with an 'Employee-First Approach' focused on supporting, developing, and recognizing YOU. We offer a wide array of wellness and mental health initiatives, support volunteerism, and environmental efforts, encourage employee education through leadership training, skill-building, and tuition reimbursements, and always strive to provide promotion opportunities from within.