In this role we are looking for a person to help support and lead the day-to-day work involved with security assessments and audits on our systems and applications. This person will partner with leadership in providing guidance and support to the team that manages the day-to-day, in addition to driving more of the bigger security compliance initiatives.

Here are some things to consider when reviewing candidates for this position:
- This position is a more “senior” level position and candidates should have a minimum of 5 years’ experience in an IT role focusing on information security and IT compliance
- Candidates should have PCI and PCI Program Management experience; must have run at least 2-3 PCI audits, have extensive knowledge of P2PE and E2EE solutions and scope reduction within a PCI context, and be well-versed in PCI compliance for eCommerce solutions
- Would like to see a solid background in SOX and IT controls in an enterprise-wide environment
  NOTE: Responsibilities with SOX in this position would be quite minimal, so we can be somewhat flexible in this skill set
- Would like to see experience in Privacy; having familiarity with legal, regulatory, and compliance requirements within the IT domain, which carry over into privacy and security (particularly experience with California privacy laws and individual state breach notification laws)
- Continuous Monitoring: experience with continuous monitoring programs and technologies, particularly in ensuring ongoing compliance using automated controls and workflows where possible
  NOTE: this is something that we would like this person to build and expand upon here within our organization
- Working knowledge and experience in using GRC Platforms and automated toolsets to support internal and external compliance initiatives with an emphasis on PCI
  NOTE: OneTrust is the toolset we are leaning toward at this time
- Strong understanding of Third Party Risk Management, knowledge of risk assessment, experience with internal audit, enterprise risk management, and staying informed on changes to the legal and regulatory compliance landscape would also be desirable
- Certifications are preferred but not required
SENIOR GOVERNANCE, RISK AND COMPLIANCE (GRC) ANALYST

The Senior Governance, Risk and Compliance (GRC) Analyst works in support of IT Security compliance requirements and company risk tolerance. This role ensures that adequate and effective security processes, controls, and lifecycles are followed and aligned to deliver compliance with security policy and regulatory requirements. The Sr. GRC Analyst supports the security compliance program, tracking completion and remediation of compliance activities, and documenting compliance program evidence. This role works with a wide variety of people from different internal customer organizational units to track and maintain compliance activities throughout the organization when and where IT systems are utilized.

ROLES AND RESPONSIBILITIES:
- Works as a senior team member in the Cybersecurity Department focusing on GRC processes and initiatives, acting as the central point of contact and collaborating with other organization units within the company in these matters
- Supports the company’s GRC program, ensuring the identification, tracking, prioritization, and remediation of all internal and external compliance requirements; also supports Internal Audit activities and remediation requirements
- Ensures adequate and effective IT controls exist to meet applicable current and future compliance requirements found in laws, regulations, and frameworks, such as requirements to comply with SOX (Sarbanes-Oxley), SSAE 16 SOC I & II, PCI (Payment Card Industry) Security Standards, HIPAA, and state and federal privacy law
- Supports and updates a centralized repository of security controls aligned with corporate, regulatory, and security framework requirements
- Coordinates selected tests of information security measures, including targeted penetration attacks, vulnerability scans, and other configurable controls reviews
- Coordinates the GRC efforts of all internal and outsourced functions that have one or more information security-related responsibilities, to ensure that organization-wide GRC efforts are consistent
- Understands the fundamental business activities performed by the company, and based on this understanding, aligns appropriate information security solutions that adequately protect these activities
- Mentors and trains junior members of the GRC team
- Supports the vendor risk management program
- Supports the risk management program
- Supports the vulnerability management program
- Learns, understands, utilizes and administers a GRC platform
- Performs and presents assessment findings to cross-functional teams such as product, engineering, legal and IT teams
- Deploys company-wide security awareness and education programs that are aligned with security policy, standards, regulatory requirements, and industry practices; provides metrics to leadership
- Provides vulnerability management reporting, including patch management tracking and software code analysis reports; meets with product owners for accountability
- Performs identity management reviews from automated and manual systems
- Stays current and informed on developing regulatory concerns and changing IT and information security trends
- Performs other duties as assigned

REQUIRED TECHNICAL SKILLS:
- 5+ years of experience in an IT role focusing on information security and IT compliance
- Knowledge of regulatory compliance regulations (PCI, SOX, PII)
- Practical experience with NIST, COBIT, ISO and other regulatory frameworks
- Experience assessing risk using formal risk methodologies across varying security domains in different contexts such as product, project and vendor risk assessments
- Experience in managing multiple customers or projects with competing priorities
- Deep understanding of technical and organizational security vulnerabilities, threats and risks
- Knowledge of information technology systems and processes, network infrastructure, data architecture, data processes and protocols
- Experience with creating and maintaining high quality documentation related to IT processes, including flowcharts and dataflow diagrams
- Strong project management and organizational skills; demonstrated ability to complete assignments timely and effectively
- Must be able to effectively interact with other teams across the organization
- Ability to manage multiple tasks along a parallel process
- Ability to develop security standards and guidelines based on best practices and industry standards

REQUIRED EDUCATION:
- Bachelor’s degree in Computer Science, Information Technology, or a relevant field, or equivalent experience.

OTHER KEY QUALIFICATIONS:
- Strong familiarity with PCI and SOX security requirements and controls
- Ability to maintain accurate and detailed notes regarding compliance issues.
- Ability to work efficiently with multiple compliance frameworks and deadlines.
- Ability to establish and maintain strong working relationships with business partners across the enterprise.
- Ability to quickly take direction from the primary Sr. Compliance Analysts and Team Leads without a formal training structure.
- Excellent relationship-building skills and cultural awareness, along with the ability to work effectively in a matrixed environment
- Capable of delivering results through a position of influence
- Ability to maintain industry relationships and look to all sources available to develop the best technology strategies
- Ability to multi-task in a fast-paced environment

PREFERRED SKILLS AND EXPERIENCES:
- CISA or CISSP certification preferred
- MCSE, CISM, and other technical certifications strongly preferred
- ID: #49061948
- State: Florida
- City: Orlando
- ZIP: 32801
- Country: USA
- Salary: $120,000 - $125,000
- Job type: Permanent
- Showed: 2023-02-07
- Deadline: 2023-04-07
- Category: Et cetera