Security GRC Sr Analyst I

LTK USA
Dallas, TX
Remote

About The Position

LTK’s mission is to empower the world’s premium lifestyle Creators to achieve maximum economic success. We have a huge opportunity ahead of us and we’re looking for team members who want to create, innovate and disrupt an industry. We empower our team members to drive innovation, create value, and continue to spearhead the creation of this industry — a game changer when it comes to career growth.

Title: Security GRC Sr Analyst I
Location: Remote (USA)
Reports to: Sr Manager, Security GRC

As a Security GRC Sr Analyst I, you will report to the Sr Manager, Security GRC, and will collaborate heavily with cross-functional teams including Platform, Engineering, Legal and Privacy. Your work will be a critical driver towards providing continuous security compliance monitoring for the LTK platform and supporting systems. You will lead efforts to document our security commitments, ensure compliance with internal and external standards, facilitate risk-informed decision-making, and strengthen the "human firewall" of our organization through robust security awareness programs. As a senior member of the team, you will not only execute daily operations but also help shape the strategy for how LTK manages security governance and risk.

Requirements

  • Experience: 5+ years of relevant experience in Cyber Security Risk and Compliance.
  • Framework Knowledge: Deep understanding of common security frameworks and standards such as NIST CSF, ISO 27001, SOC 2, and PCI-DSS.
  • Communication: Excellent written and verbal communication skills. You must be able to explain complex security risks to non-technical stakeholders and leadership.
  • Education: Bachelor’s degree in Computer Science, Information Systems, Business Administration, or equivalent work experience.
  • A mindset focused on seizing opportunities and moving with urgency
  • Dedication to fierce prioritization and operational excellence
  • Adaptability to a dynamic, fast-moving environment
  • A growth mindset and openness to feedback

Nice To Haves

  • Preferred Certifications: CISA, CISSP, CRISC, CISM

Responsibilities

  • Compliance Management
      • Requirement & Control Administration: Maintain a centralized repository of security controls and requirements. Map internal controls to relevant regulatory frameworks and standards (e.g., SOC 2, GDPR, CCPA, PCI-DSS).
      • Questionnaire & Contract Support: Serve as the primary point of contact for customer security questionnaires and vendor contract reviews. You will articulate our security posture to external partners and clients to support sales enablement.
      • Audit & Issue Management: Coordinate internal and external compliance audits. Manage the evidence collection process and track audit findings (issues) to remediation, ensuring timely closure of gaps.
  • Risk Management
      • Risk Assessment Facilitation: Lead security risk assessments for new projects, technologies, and vendors. You will guide stakeholders through the process of identifying threats and vulnerabilities.
      • Identified Risks Monitoring: Maintain the corporate risk register. Track identified risks, mitigation plans, and risk acceptance decisions to ensure leadership has visibility into the organization's risk landscape.
      • Third-Party Risk Monitoring (TPRM): Oversee the third-party risk management program. Assess the security posture of vendors and partners, monitoring for changes in their risk profile throughout the relationship lifecycle.
      • Security Maturity Monitoring: Measure and report on the overall maturity of the security program against established goals and KPIs.
  • Policy Management
      • Policy Set Administration: Own the lifecycle of information security policies, standards, and procedures. You will review, update, and publish documentation to ensure it accurately reflects LTK's security commitments and aligns with industry best practices (e.g., NIST, ISO 27001).
      • Documentation: Collaborate with technical teams to translate complex security requirements into clear, accessible policy language.
  • Security Awareness
      • Training Delivery: Develop and deliver engaging security awareness training materials. This includes onboarding training for new hires and continuous education for the wider organization.
      • Phishing Simulations: Orchestrate and analyze simulated phishing campaigns. Use data from these campaigns to identify vulnerable user groups and tailor training interventions accordingly.

Benefits

  • The opportunity to be part of the leading global company in creator commerce
  • A remote-first, productivity-first environment
  • Competitive compensation and benefits package to meet the needs of you and your family
  • 401(k) with LTK company matching
  • Medical Insurance, Vision Insurance, Dental Insurance
  • Paid Maternity Leave and Paid Paternity Leave
  • Summer Fridays and Flexible PTO