Senior Cybersecurity Analyst, GRC

KAYAK is seeking a talented individual to lead their Cybersecurity GRC program and take it to the next level. The role involves working closely with multiple teams to develop processes and controls that meet internal business objectives and external audit requirements. The successful candidate will be responsible for managing compliance and security audit activities, improving the company's maturity on the NIST CSF framework, and maintaining certifications such as SOC 2 Type 2 and PCI DSS. They will also be expected to streamline audit and control processes, develop metrics to measure the effectiveness of GRC programs, and stay up-to-date with industry best practices.

• Lead compliance and security audit activities with external auditors and internal control owners to ensure timely and successful completion of audit requirements.
• Improve the maturity of the NIST CSF framework.
• Manage the SOC 2 Type 2 certification process and minimize deficiencies.
• Manage the annual PCI DSS certification process.
• Maintain the risk register processes, standards, and components.
• Respond to partner third party risk assessments.
• Execute and manage vendor TPRM.
• Streamline audit and control processes.
• Develop metrics to measure the effectiveness of GRC programs.
• Stay up-to-date with changes in laws, regulations, and industry best practices related to GRC.

• At least 3 years of experience performing technology Third-party security and risk management lifecycle program work, including assessment, reporting and remediation planning and tracking activities both for a Big 4 auditor or equivalent and inside a corporate environment.
• Familiarity with industry and regulatory frameworks like NIST, SOC, PCI.
• Basic understanding of concepts of risk analysis, computer security, IT systems, and networking.
• A balanced, pragmatic approach to risk management in the context of technical projects and organizational goals.
• Experience building complex project plans and tracking completion, negotiating commitments and escalating on blocking issues constructively.

• 4 weeks paid vacation
• Day off on your birthday
• Generous retirement plans
• Awesome health, dental and vision insurance plans
• Flexible Spending Accounts
• Headspace Subscription
• No Meeting Fridays
• Drinks, coffee, snacks, games etc.
• Weekly catered lunches
• Flexible hours
• Regular team events/excursions
• Universal Paid Parental leave