IT GRC Analyst

About The Position

Requirements

• 2 to 5 years hands-on ServiceNow experience as a developer, implementation specialist and/or GRC technical analyst/architect, specifically with the GRC related modules within ServiceNow.
• Additional technical Skills to include JavaScript, HTML/CSS, REST/SOAP integrations, ServiceNow UI Actions.
• 5 to 8 years of technology and/or information security background and/or governance, risk & compliance.
• Intermediate knowledge of five or more of the following areas: infrastructure (physical, virtual & Cloud), network segmentation, operating system security, encryption and key management, tokenization, anti-virus and malware, secure system development, identity and access management, vulnerability management, physical access controls, penetration testing, file integrity monitoring, logging, risk assessments/reviews and information security policy.
• Ability to analyze, collaborate & present solutions (both verbal & written) to successfully remediate identified compliance issues with business partner, stakeholders and third party service providers.
• Intermediate knowledge of PCI DSS compliance & security frameworks to understand & validate the requirements of protecting customer's payment card data.
• Work well under pressure to identify and problem-solve complex situations across multiple customer channels and scenarios related to customer cardholder data and applicable PCI DSS Compliance.

Nice To Haves

• Past or current certifications in one or more of the following areas: Security+, CISSP, GSEC, AWS, Azure, Microsoft, CISA, CISM, PCI ISA or PCI QSA.
• Proven experience as a motivated, self-starter, who can deliver results in a fast paced, complex, changing environment.
• Must be a strong communicator, a team & individual contributor, who has preferably worked on a team across multiple time zones.

Responsibilities

• Applies defined PCI DSS scoping criteria.
• PCI ISA collects and reviews evidence of compliance to validate PCI DSS requirements are met.
• Supports the completion of assigned tasks for the annual PCI DSS Report on Compliance.
• Drives necessary system and process updates in alignment with PCI DSS scoping & requirements.
• Facilitates interaction between the business partner(s), product teams and the PCI C&C Team.
• Consults on new and complex PCI DSS compliance considerations.
• Works closely with business and technology teams to develop strong liaison relationships.
• Stays current with new and evolving security, technologies, governance, risk & compliance topics via formal training and self-directed education.
• Shares knowledge and experiences with others to help grow the team's talent bench through training and mentoring on a continual basis.

Benefits

• Compensation is based on a standard 38:45-hour work week.
• Potential yearly incentive pay up to 15% of base salary.
• Competitive pay, annual raise and bonus.
• Robust health and wellbeing programs.
• State Farm pays most of your healthcare premium.
• Multiple healthcare plan options, including a high deductible plan.
• All medical plans provide 100% coverage for in-network preventative care.
• Access to vision, dental, telemedicine, 24/7 mental health professionals, and much more.
• Educational benefits like industry leading training programs, top-notch tuition assistance programs, employee resource groups, and mentoring.
• Fertility/IVF/adoption assistance.
• College coaching.
• National discount programs.
• Interactive monthly financial workshops.
• Free financial coaching.
• State Farm Federal Credit Union.
• Generous time off policies.
• Opportunity to initially earn up to 20 days annually plus parental leave, paid holidays, celebration day, life leave (40 hours/year), bereavement leave, and community service/education support days.
• Matching Gift Program.
• Good Neighbor Grant Program.
• Employee Assistance Fund.
• Free financial advisors.
• 401(k) plan with company contributions of up to 7% of your salary.