Early Warning Services
Posted about 1 month ago
$110,000 - $130,000/Yr
Full-time • Mid Level
Hybrid • Chicago, IL
Credit Intermediation and Related Activities

About the position

The Sr. Security Governance, Risk & Compliance Analyst - Paze position will support the Audit Readiness program within SecGRC by reviewing and responding to Paze Customer, Merchant, and Integrator inquiries on questionnaires and contract negotiations. This requires a comprehensive knowledge of Early Warning's Policies, Standards, and Processes, along with a substantial understanding of Information Security and Risk frameworks and best practices.

Overall Purpose: The Sr. Security Governance, Risk & Compliance Analyst provides comprehensive activities supporting information security governance, risk, and compliance, including but not limited to: developing, assessing, and recommending security policies, standards, and procedure updates in accordance with legal, regulatory, and contractual requirements; conducting and leading risk management activities; driving security risk assessment and remediation activities; analyzing and improving the internal controls testing program; facilitating audits and assessments; overseeing information security issues; and developing and improving security training and awareness activities.

Responsibilities

  • Plan and support the Security Governance, Risk and Compliance programs and department initiatives.
  • Oversee the security policy program, which includes policy drafting, managing approvals in the Governance, Risk, and Compliance tool, facilitating cross-functional input, and ensuring compliance with policies.
  • Design and improve internal control testing program and practices; advise management on control design and implementation.
  • Provide consultation to management on regulatory, legal, and contractual requirements.
  • Act as Point of Contact and Project Manager for Information Technology and Security focused external and internal audits and assessments (SOC-2, GLBA, FISMA, PCI DSS, FFIEC, & others).
  • Assess information security risk and recommend mitigation activities in alignment with Enterprise and Operational Risk Management requirements.
  • Document work performed for all audits and assessments and provide support for required responses.
  • Track and report on compliance metrics for assigned areas.
  • Present to executive staff, business line leaders, and external customers on various security topics (risks, issues, policies, governance trends, compliance gaps, etc.).
  • Participate in and lead security awareness program efforts (security awareness training, Company communications, events, etc.).
  • Serve as a mentor for Security Governance, Risk and Compliance staff.
  • Effectively communicate Security-related risks, control gaps/failures, and vulnerabilities to business owners.
  • Lead the issues management efforts, including risk identification and remediation for Security.
  • Support the company's commitment to risk management and protecting the integrity, availability, and confidentiality of systems and data.

Requirements

  • Education and experience typically obtained through completion of a bachelor's degree.
  • Minimum of 5 or more years of direct/related experience in security, governance, risk, and compliance, risk management, IT audit, information technology, or related.
  • Proficient in ISO 27000, PCI DSS, NIST 800-53a, SIG, FFIEC handbooks, Service Organization Controls in accordance with SSAE No. 18, GLBA, and FCRA.
  • Required certification in one of CISA, CISSP, CCSP, CRISC, GSNA, GCIH, or equivalent, or ability to sit for one of the certifications within the first 12 months of hire.
  • Excellent written/verbal communication skills, with ability to present to peers and co-workers.
  • Background and drug screen.

Nice-to-haves

  • Additional related education and/or experience preferred.
  • Prior financial services or FinTech experience.
  • Certifications in any of the following: Security+, CISA, CISSP, CCSP, CRISC, GSNA, GCIH, or equivalent.
  • Prior GRC, Information Security & Technology Consulting, or Advisory experience with leading consulting firms such as KPMG, Deloitte, E&Y, PWC is highly desirable.
  • Experience with security-related technologies including GRC Technologies, Identity and Access Management tools, Single-sign-on technologies, and Security-focused systems.

Benefits

  • Healthcare Coverage - Competitive medical (PPO/HDHP), dental, and vision plans as well as company contributions to your Health Savings Account (HSA) or pre-tax savings through flexible spending accounts (FSA) for commuting, health & dependent care expenses.
  • 401(k) Retirement Plan - Featuring a 100% Company Safe Harbor Match on your first 6% deferral immediately upon eligibility.
  • Paid Time Off - Unlimited Time Off for Exempt (salaried) employees, as well as generous PTO for Non-Exempt (hourly) employees, plus 11 paid company holidays and a paid volunteer day.
  • 12 weeks of Paid Parental Leave.
  • Maven Family Planning - provides support through your Parenting journey including egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work.