Senior Security Governance, Risk and Compliance Analyst

About The Position

Requirements

• Bachelor’s Degree in Information Security, Information Systems, Engineering, or other related field or equivalent experience in a related field
• 10+ years of progressive information security GRC experience
• 5+ years of experience conducting & supporting internal/external formal audits (such as PCI-DSS, SOX, HIPAA)
• Professional security certification such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), PCI-DSS Internal Security Assessor (ISA)
• A comprehension of security standards and frameworks, rules and regulations, and system trust principals, such as ISO, NIST, OWASP, SANS Top 20, PCI-DSS, GDPR, ITIL, and SOC2
• Previous experience with GRC tools such as KCM, Auditboard
• Thorough understanding of Security Methodologies required
• Ability to effectively communicate and educate others on the need and value-add of security governance, risk and compliance efforts

Responsibilities

• Review regulatory requirements, external policies or standards related to Information Security & Data Protection/Privacy, and conduct gap analysis to internal security policies and requirements. Ensure compliance with regulatory compliance and certification programs (e.g., ISO 27001, NIST CSF, PCI-DSS, MPA/TPN, GDPR)
• Establish, implement, and monitor the security certifications program and ensure that it continues scale appropriately with the business
• Ensure compliance with the established key metrics that measure data security standards, the ISO standards/certification and provide evidence of compliance for internal and external audits
• Be a Security and Compliance Champion that promotes and evangelizes awareness of different security and compliance risks and best practices across the company
• Perform risk assessments-including third party vendor/supply chain assessments, and manage associated security risk remediation activities
• Conduct control and risk assessments of technical operating environments and third parties.
• Identify, document, and manage gaps related to security and compliance and other tasks to support ensuring the Company’s underlying data and information security processes, infrastructure and measures are fit for purpose and scaled to deliver an appropriate level of protection
• Collaborate with cross-functional teams to ensure security related controls are documented and managed
• Support the business continuity management (BCM) program, including subject matter expertise input for business impact analysis (BIA), developing and testing business continuity plans (BCP), coordinating with IT on disaster recovery planning and updating/implementing crisis management plans (CMP)
• Coordinate third party audits on security, controls, and security/privacy compliance
• Conduct third party risk assessments and collaborate with external and internal stakeholders to identify critical risks to the organization
• Work with third parties to agreed risk treatment plan and participate in contract review
• Serve as a subject matter expert on internal controls, security, privacy and collaborate with Product Strategy and Development on product enhancements, features and security/privacy capabilities
• Respond to customer security/compliance questionnaires
• Stay current on market developments to identify emerging security technologies, risks, and trends

Benefits

• Comprehensive package of health benefits that include company contributions
• Discretionary bonus program
• 401(k) program with company match
• Paid time off covering vacations, personal time off and sick days
• Year-end holiday shutdown
• Alternative work schedule (9/80) to navigate your workweeks with every other Friday off