Senior GRC Analyst

View full description

Requirements:

• 4+ years of experience in roles focused on governance, risk management, and compliance
• A strong understanding of information security and compliance frameworks such as CCPA/CPRA, SOC 2, and HIPAA
• Experience collaborating with engineering and product teams to identify risks, map commitments to controls, and develop relevant policies
• The ability to influence cross-functional teams to accomplish goals as well as understanding and communicating risks to stakeholders across the business
• Solid organizational skills and a track record of succeeding in fast-paced environments
• Understanding of security concepts and a broad range of security risks and controls.

Responsibilities:

• Be the first member of the Governance, Risk, and Compliance team.
• Build and run information security compliance programs aligned with broader business objectives
• Develop policies, standards, and guidelines for ensuring compliance with applicable regulatory requirements
• Write, revise, and manage company-wide information security policies, standards, and procedures.
• Perform security assessments of vendors, third parties, and applications
• Engage partner teams to support the design and implementation of a “risk-first” governance function
• Find opportunities to improve efficiency and effectiveness, designing tools and automations along the way to drive security and compliance by design.
• Identify and assess information security risks to implement appropriate controls to mitigate identified risks, will validate control design and efficiency, and support ongoing risk monitoring and reporting.
• Be a subject matter expert in the GRC space, providing education to colleagues across GlossGenius