Security Governance, Risk & Compliance Analyst

About The Position

Requirements

• Minimum 2 years direct/ related work experience in security, governance, risk, and compliance, risk management, IT audit, information technology, or related.
• Excellent written/verbal communication skills, with ability to present to peers and co-workers
• Working knowledge of common security frameworks such as: HITRUST, ISO 27001, NIST, PCI-DSS or SOC
• Background and drug screen.

Nice To Haves

• Additional related education and/or experience preferred.
• Prior financial services or FinTech experience.
• Prior GRC, Information Security & Technology Consulting, or Advisory experience with leading consulting firms such as KPMG, Deloitte, E&Y, PWC is highly desirable.
• Working knowledge of ISO 27002, PCI DSS 3.2 or current, NIST 800-53a, Standard Information Gathering Questionnaires, FFIEC handbooks, SOC-2 Type II, GLBA, FCRA, NYDFS, and data privacy.

Responsibilities

• Plan and support the Security Governance, Risk and Compliance programs and department initiatives
• Further develop Security Governance, Risk and Compliance skills and support at least two of the functional areas within Security Governance, Risk and Compliance: Risk management, PCI assessments, Internal Audits, Security policy management, GRC tool management, remediation plans for security-related findings (IA, OCC, SOC-2, etc.), participation and facilitation of external audits: (GLBA, SOC-2, customer audits, consolidated customer audits), Security trainings and user responsibility agreements, ensure adherence to policies and deadlines, and provide assistance to remediation owners for interpretation of policies and processes in line with the objectives of the organization and regulators.
• Provide consultation to management on regulatory, legal, and contractual requirements.
• Perform GRC activities using the GRC platform; support the Security Department with GRC platform usage and best-practices.
• Engage business owners throughout the organization in the development and enforcement of security policies, standards, procedures, and guidelines at the direction of Security Management.
• Oversee the completion of internal control testing; advise management on control design and implementation; perform testing where needed.
• Identify control gaps and weaknesses, and track and report remediation progress.
• Assess information security risk and recommend mitigation activities in alignment with Enterprise and Operational Risk Management requirements.
• Facilitate the collection and review of documentation required for internal and external audits and assessments (SOC-2, GLBA, FISMA, PCI-DSS, others).
• Facilitate the execution of internal and external audits and assessments.
• Conduct security GRC reporting (risk, controls, issues, or otherwise) for management and stakeholders.
• Create monthly security-focused metrics reporting for management and senior leadership.
• Maintain compliance programs (security awareness and training activities, phishing and password, etc.) according to their set schedules.
• Support the company’s commitment to protect the integrity and confidentiality of systems and data.

Benefits

• Competitive medical (PPO/HDHP), dental, and vision plans as well as company contributions to your Health Savings Account (HSA) or pre-tax savings through flexible spending accounts (FSA) for commuting, health & dependent care expenses.
• 401(k) Retirement Plan – Featuring a 100% Company Safe Harbor Match on your first 6% deferral immediately upon eligibility.
• Flexible Time Off for Exempt (salaried) employees, as well as generous PTO for Non-Exempt (hourly) employees, plus 11 paid company holidays and a paid volunteer day.
• 12 weeks of Paid Parental Leave
• Maven Family Planning – provides support through your Parenting journey including egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work.