Summary/Objective
The Information Security GRC Analyst will report to the Director, IT Compliance. This role will interact with multiple departments, manage compliance readiness, provide support for our central GRC repository, and conduct risk/gap assessments based on industry-leading frameworks, including remediation recommendations, tracking and associated metrics.
Essential Functions
- Support audit and compliance activities by gathering evidence, conducting preliminary assessments, and assisting in the remediation of audit findings.
- Maintain and monitor a central repository of audit evidence
- Conduct gap analysis on various industry standard compliance and regulatory requirements
- Track, update, and draft clear, concise policies, standards and procedures
- Maintain an up-to-date risk register and track remediation status
- Collaborate with various departments on GRC related objectives
- Track and ensure compliance with IT and security controls covering a wide range of regulations
- Follow up with team members driving progress on tracked issues
- Develop and contribute to metrics and KPIs for CISO and executive management review
- Review, update, and test governance plans such as the business continuity (BCP), incident response (IRP) and disaster recovery (DR) plans
- Assist in the development and delivery of security awareness and training programs to educate employees on security policies, procedures, and best practices
Work Environment
This job operates in a professional office environment. This role routinely uses standard office equipment such as laptop computers, photocopiers and smartphones.
Physical Demands
While performing the duties of this job, the employee is regularly required to talk or hear. The role also requires the ability to lift files, open filing cabinets and bend or stand on a stool as necessary.
Position Type/Expected Hours of Work
This is a full-time position. Days and hours of work are Monday through Friday, during normal business hours. Occasional evening and weekend work may be required as job duties demand.
Travel
Little to no travel is expected for this position.
Education and Experience
- A bachelor's degree and 2 years of regulatory compliance or similar experience in payments or consumer finance, or an equivalent combination of education and experience, are preferred.
- Working knowledge of risk management, audits (SOC 1, SOC 2, PCI DSS) and information security best practices.
- Basic understanding of regulations and information security frameworks such as GDPR, CCPA, NIST and the CIS Controls.
- Experience working with internal and external resources across a variety of departments and office hierarchies
- Self-driven, with high attention to detail
- Excellent written and verbal communication skills
- Ability to work at, and sustain, a fast pace and cadence
- Authorized to work lawfully in the United States of America
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.