Sr. Security Analyst - GRC

Jostens
Minneapolis, MN
Posted 1 day ago | $90,000 - $100,000 | Hybrid

About The Position

The Sr. Security Analyst - GRC is responsible for leading and executing governance, risk management, and compliance activities that ensure Jostens’ enterprise information systems, applications, and third-party services meet established cybersecurity, privacy, and regulatory requirements. The role serves as a subject matter expert and trusted advisor across Information Security, IT, Legal, Privacy, and business stakeholders. The analyst independently evaluates security controls, manages GRC and privacy platforms, develops meaningful risk and compliance metrics, and drives continuous improvement of the organization’s security governance and awareness posture.

Requirements

  • Minimum of 5 years of Information Security experience in a combination of Risk Management and Compliance roles.
  • Experience with process automation tools such as ServiceNow, Jira, MS Flow, etc.
  • Knowledge of applicable industry standards, frameworks, and regulations (ISO 27001, NIST, GDPR, CCPA, PCI DSS, SOX, etc.) and expertise in Information Security best practices.
  • Knowledge of IT Risk Management policies, requirements, tools, and procedures.
  • Bachelor’s degree in Business or Accounting, Information Security, Information Management Systems, Cybersecurity, or other applicable area, or related work experience.
  • Proven track record of applying data analysis tools (e.g., Excel, Power BI) to analyze complex datasets, identify trends, and drive informed risk and compliance decisions.
  • Experience prioritizing and managing multiple projects with competing priorities.
  • Experience with GRC tools and reporting.
  • Experience supporting PCI DSS and/or SOC 2 compliance programs in a regulated environment.
  • Experience with Data Classification practices.
  • Ability to understand and communicate technical information in understandable business terms.
  • Excellent in-person and virtual communication, business writing, and presentation skills.
  • Strong influencing, problem-solving, and decision-making skills.

Nice To Haves

  • Certification applicable to a role in Information Security Governance, Risk, and Compliance is preferred.

Responsibilities

  • Develop, maintain, and enhance information security policies, standards, procedures, and control documentation to align with organizational objectives and regulatory requirements.
  • Support the execution of the Information Security governance framework and alignment with enterprise risk management practices.
  • Ensure governance artifacts are reviewed, approved, communicated, and consistently applied across the organization.
  • Lead and coordinate ongoing compliance activities for PCI DSS, SOC 2, and SOX, ensuring continuous alignment with control requirements.
  • Serve as a platform owner and administrator for security governance and assurance platforms (e.g., ZenGRC) and security awareness platforms (e.g., KnowBe4).
  • Perform independent assessments of management, operational, and technical security controls to evaluate control design, implementation, and operating effectiveness.
  • Identify, document, assess, and communicate information security risks, including inherent risk, residual risk, and control gaps; assist with Risk Registry management.
  • Facilitate risk assessments for new systems, applications, cloud services, and material changes.
  • Support risk treatment, remediation tracking, and formal risk acceptance processes.
  • Ensure appropriate documentation, evidence, and traceability are maintained to support internal and external assurance activities.
  • Administer and continuously improve the enterprise security awareness and training program.
  • Manage and optimize the Training and Awareness platform, including training campaigns, phishing simulations, assignments, and reporting.
  • Analyze awareness metrics (e.g., training completion, phishing susceptibility, trends) and present actionable insights to leadership.
  • Partner with HR, IT, and Communications to promote a strong, security-aware culture.
  • Provide guidance and subject matter expertise to IT, engineering, and business teams on security, risk, and compliance requirements.
  • Develop and deliver targeted training and enablement sessions for technical and non-technical audiences.
  • Define, develop, and maintain security, risk, and compliance metrics that support executive oversight and risk governance.
  • Establish and maintain key compliance metrics aligned to organizational risk tolerance.
  • Prepare dashboards, reports, and executive-level summaries that clearly communicate risk posture, trends, and areas requiring attention.
  • Use data and metrics to drive remediation prioritization and continuous improvement initiatives.

Benefits

  • We care about your health. We offer competitive healthcare (health, dental, and vision coverage) in addition to voluntary benefits, including home and car insurance, pet insurance, and a flexible spending account, among many more.
  • We invest in your future. Our 401K plan has immediate vesting, so you can start saving for retirement right away.
  • We believe in flexibility. We offer a hybrid schedule with on-site work 3 days a week.
  • We want you to unplug when needed. We believe in taking your time off without guilt and offer accrued paid time off and company-paid holidays. For Washington residents, you will receive 13 vacation days, 8 paid sick days, 8 company-paid holidays, and paid family leave.
  • We care about your development. We support tuition reimbursement after 6 months of service.
  • We believe in pay transparency. The salary range is $90,000 to $100,000 (depending on qualifications) with annual bonus eligibility.

What This Job Offers

Job Type: Full-time
Career Level: Mid Level
Number of Employees: 5,001-10,000 employees