Job Description
This is an in-office position in Phoenix, AZ, 5 days per week.
As our GRC and InfoSec Analyst, you’re the go-to person for keeping OpenTech’s data, systems, and reputation secure. You’ll implement and manage the policies, checks, and safeguards that protect our infrastructure and ensure we’re prepared for any audit. Daily, you’ll collaborate with colleagues to trace data flow through our systems, identify vulnerabilities, and plan solutions. You’ll work closely with auditors—both internal and external—to gather evidence, resolve findings, and keep leadership informed about our risk landscape. Your primary focus is maintaining full PCI DSS compliance, but you’ll also ensure we adhere to privacy regulations like GDPR, CCPA, DSA, DMA, and Australia’s Privacy Act 1988. By combining technical expertise with a solid understanding of regulations, you’ll help OpenTech stay ahead of threats, reduce risks, and demonstrate to customers and partners that security is a top priority.
Key Responsibilities
• Draft, maintain, and socialize cybersecurity, privacy, and risk policies and procedures.
• Perform regular risk assessments, document findings, and track remediation to closure.
• Monitor compliance with PCI DSS, GDPR, CCPA, DSA, DMA, and other relevant frameworks.
• Coordinate and support internal and external audits, supplying evidence and managing follow-ups.
• Implement and oversee technical and administrative controls that reduce risk and meet regulatory requirements.
• Maintain metrics and dashboards that summarize compliance status and risk posture for leadership.
• Track global regulatory changes and update internal practices accordingly.
• Support data-privacy initiatives across products and services, ensuring lawful processing and secure handling of personal data.
• Collaborate with Legal, Development, Operations, and Product teams to embed security and compliance into projects and daily activities.
• Serve as an internal subject-matter resource on GRC best practices, tools, and emerging threats.
Skills Required
• Working knowledge of PCI DSS, GDPR, CCPA, DSA, DMA, and other global regulations.
• Proficiency with risk-management concepts, control frameworks, and GRC platforms.
• Solid grasp of cybersecurity principles, threat landscapes, and security tooling (SIEM, EDR, firewalls, IDS/IPS, PAM).
• Strong analytical and problem-solving abilities; comfortable interpreting audit evidence and technical data.
• Clear, concise written and verbal communication suited to technical and non-technical audiences.
• Ability to prioritize, manage multiple projects, and meet deadlines in a fast-paced environment.
Education & Certifications
• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• Preferred certifications: CISSP, CISM, CRISC (or comparable security/governance credentials).
Experience
• 1–3 years in a dedicated GRC, security-compliance, or risk role.
• 4+ years overall enterprise IT experience.
• 2+ years hands-on information-security experience within a corporate environment.
Physical Requirements
• Frequent use of a computer, keyboard, and standard office equipment.
• Ability to sit or stand at a workstation for extended periods.
• Occasional movement of documents or equipment up to 15 lbs.
• Regular verbal communication via phone, video, and in-person meetings.
• Periodic travel (up to 10%) for audits, training, or compliance reviews.
Disclaimer
The statements above describe the general nature of this position and are not an exhaustive list of all responsibilities, duties, or qualifications. Management reserves the right to amend duties or assign new tasks at any time in response to business needs.
Job Type: Full-time
Pay: $90,000.00 - $100,000.00 per year
Benefits:
• 401(k)
• 401(k) matching
• Dental insurance
• Employee assistance program
• Flexible spending account
• Health insurance
• Health savings account
• Life insurance
• Paid time off
• Tuition reimbursement
• Vision insurance
Application Question(s):
• Do you now, or will you in the future, require a visa or an updated visa?
• Do you live in the Greater Phoenix Metro Area?
Experience:
• Cybersecurity: 4 years (Preferred)
• IT support: 4 years (Preferred)
• PCI DSS: 4 years (Preferred)
• GDPR: 4 years (Preferred)
• Compliance management: 4 years (Preferred)
Ability to Commute:
• Phoenix, AZ 85029 (Required)
Work Location: In person