Security GRC Senior Analyst

About The Position

Requirements

• Bachelor’s degree or equivalent GRC/security experience
• 3+ years in Security GRC, IT audit, or compliance program management
• Working knowledge of PCI DSS, SOX, SOC, ISO 27001, NIST CSF, or similar frameworks
• Experience managing audits, evidence, and control remediation
• Strong communication skills across technical and non-technical teams
• Ability to juggle priorities in a multi-entity, distributed environment
• Up to 30% domestic US travel and could include minimal international travel

Nice To Haves

• Experience with OneTrust, Hyperproof, or similar GRC platforms
• Background in financial services, payments, or regulated industries
• Vendor risk management experience

Responsibilities

• Own and continuously improve security governance and compliance programs across assigned entities
• Lead audit and certification efforts (PCI DSS, ISO 27001, SOC, SOX ITGC, Internal Audit), including readiness, evidence, and remediation tracking
• Act as the primary liaison for auditors, control owners, and leadership
• Identify and manage entity-level security risks, contributing directly to Enterprise Risk Assessments (ERA)
• Coordinate third-party and vendor security risk activities using OneTrust
• Own customer security compliance, ensuring contractual requirements align to internal controls and evidence
• Maintain dashboards, metrics, and reporting in GRC tools (Hyperproof, OneTrust, Fence)
• Partner cross-functionally with IT, Engineering, Legal, Privacy, Procurement, and Audit teams
• Collaborate withglobal GRC leadership on shared initiatives

Benefits

• 401(k) Plan
• Health/Dental/Vision Insurance
• Employee Stock Purchase Plan
• Company-paid Life Insurance
• Company-paid disability insurance
• Tuition Reimbursement
• Paid Time Off
• Paid Volunteer Days
• Paid Holidays
• Casual Office Attire
• Plus many more employee perks & incentives!