Sr. Security Governance, Risk & Compliance Analyst - Paze

About The Position

Requirements

• Education and experience typically obtained through completion of a bachelor's degree.
• Minimum of 5 or more years of direct/ related experience in security, governance, risk, and compliance, risk management, IT audit, information technology, or related.
• Proficient in ISO 27000, PCI DSS, NIST 800-53a, SIG, FFIEC handbooks, Service Organization Controls in accordance with SSAE No. 18, GLBA, and FCRA.
• Required certification in one of CISA, CISSP, CCSP, CRISC, GSNA, CGIH, or equivalent or ability to sit for one of the certifications within the first 12 months of hire.
• Excellent written/verbal communication skills, with ability to present to peers and co-workers.
• Background and drug screen.

Nice To Haves

• Additional related education and/or experience preferred.
• Prior financial services or FinTech experience.
• Certifications in any of the following: Security+, CISA, CISSP, CCSP, CRISC, GSNA, GCIH, or equivalent.
• Prior GRC, Information Security & Technology Consulting, or Advisory experience with leading consulting firms such as KPMG, Deloitte, E&Y, PWC is highly desirable.
• Experience with security-related technologies including GRC Technologies, Identity and Access Management tools, Single-sign-on technologies, and Security-focused systems.

Responsibilities

• Plan and support the Security Governance, Risk and Compliance programs and department initiatives.
• Oversee the security policy program, which includes policy drafting, managing approvals in the Governance, Risk, and Compliance tool, facilitating cross-functional input, and ensuring compliance with policies.
• Design and improve internal control testing program and practices; advise management on control design and implementation.
• Provide consultation to management on regulatory, legal, and contractual requirements.
• Act as Point of Contact and Project Manager for Information Technology and Security focused external and internal audits and assessments (SOC-2, GLBA, FISMA, PCI DSS, FFIEC, & others).
• Assess information security risk and recommend mitigation activities in alignment with Enterprise and Operational Risk Management requirements.
• Document work performed for all audits and assessments and provide support for required responses.
• Track and report on compliance metrics for assigned areas.
• Present to executive staff, business line leaders, and external customers on various security topics (risks, issues, policies, governance trends, compliance gaps, etc.).
• Participate and lead security awareness programs efforts (security awareness training, Company communications, events, etc.).
• Serve as a mentor for Security Governance, Risk and Compliance staff.
• Effectively communicate Security-related risks, control gaps/failures, and vulnerabilities to business owners.
• Lead the issues management efforts, including risk identification and remediation for Security.
• Support the company's commitment to risk management and protecting the integrity, availability, and confidentiality of systems and data.

Benefits

• Healthcare Coverage - Competitive medical (PPO/HDHP), dental, and vision plans as well as company contributions to your Health Savings Account (HSA) or pre-tax savings through flexible spending accounts (FSA) for commuting, health & dependent care expenses.
• 401(k) Retirement Plan - Featuring a 100% Company Safe Harbor Match on your first 6% deferral immediately upon eligibility.
• Paid Time Off - Unlimited Time Off for Exempt (salaried) employees, as well as generous PTO for Non-Exempt (hourly) employees, plus 11 paid company holidays and a paid volunteer day.
• 12 weeks of Paid Parental Leave.
• Maven Family Planning - provides support through your Parenting journey including egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work.