GRC Analyst

The Role

As a Governance Risk Management and Compliance (GRC) security analyst you will hold a pivotal and respected position within our organization. Your primary responsibility is to support our security initiatives and enhance our overall security stance. You'll play a crucial part in aligning our security strategy with both existing and emerging information systems. This means you'll need to grasp the intricacies of our legacy systems as well as stay abreast of new technologies and requirements.

The ideal candidate for this position is someone with a strong technical background and a minimum of five years of experience in security compliance or risk management. You'll be overseeing our compliance with various standards and regulations including the Gramm-Leach-Bliley Act (GLBA) Sarbanes-Oxley Act (SOX) General Data Protection Regulation (GDPR) Health Information Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS).

Working closely with our security leadership you'll continuously evaluate and validate the effectiveness of our security program. You'll serve as the main point of contact for both internal and external auditors ensuring that any outstanding issues related to compliance or security threats are addressed promptly.

What you will be doing:

• Conduct enterprise-wide risk analysis in collaboration with compliance and security teams identifying strengths and weaknesses in security programs.

• Maintain oversight of GRC-related platform usage and administration ensuring adherence to privacy security and compliance frameworks.

• Monitor third parties vendors and business partners to mitigate external risks escalating issues to security management and business leads.

• Analyze findings and recommend security improvement initiatives that balance risk with operational efficiency and innovation reporting gaps to security leadership.

• Stay informed about security changes affecting regulatory compliance and industry best practices applying GRC expertise to key business areas.

• Define and track qualitative and quantitative metrics for assessing security program effectiveness providing regular reports to security and business leaders.

• Ensure up-to-date configuration documentation and oversight of security systems and processes to minimize enterprise risk participating in incident response activities as needed.

• Collaborate with security audit and risk management leaders to conduct ongoing program assessments and develop strategic technology and budget plans serving as a liaison with auditors and overseeing disaster recovery and business continuity efforts.

What you should have:

• Bachelor’s degree in computer science information assurance MIS or related field or equivalent industry experience.

• At least 5+ years’ experience in cybersecurity as a practitioner and 2 to 3+ years' exposure to various security frameworks.

• Strong business acumen and security technology skills for well-rounded proficiency and proven ability to align with security practices and compliance responsibilities.

• Experience and understanding of various regulatory requirements and laws including but not limited to PCI SOX HIPAA GDPR and GLBA. Additional experience in one or more of the following: ISO 27001/2 ITIL or NIST.

• Exceptional written and verbal communication skills and a proven ability to translate security and risk to all levels of the business.

• The capacity to understand legacy and progressive technology security controls and respective risks. Working knowledge of technologies such as cloud computing DevOps and application security is required.

• Up-to-date understanding of a wide range of incident response system configuration vulnerability management and hardening guidelines.

• Track record of acting with integrity taking pride in work seeking to excel being curious and adaptable and communicating effectively.

• Holds or is working toward one or more of the following: CISSP CRISC CGEIT or GRCP.

What we hope you have:

• Prior team leadership experience preferred.

• Preferred experience with cloud environments such as Amazon Web Services (AWS) and Microsoft Azure.

• Prior experience with leading GRC systems from vendors such as Vanta RSA MetricStream and IBM.

• Demonstrated problem-solving capabilities and ability to manage complex local and international security requirements.

• Self-motivated directed and well-organized with the vision to position controls in anticipation of threats.

• Successful track record of managing external entities’ contracts and relationships and mitigating risks to business development opportunities.

• Familiarity with state federal and international privacy laws.

• Highly trustworthy; leads by example.

Benefits:

• Open and transparent culture

• Life insurance long and short-term disability coverage

• Paid maternity and paternity leave

• Fertility Benefits

• Generous vacation time plus three 4-day summer holiday weekends

• Excellent medical dental and vision benefits

• 401k Plan with competitive company matching

• Bi-annual swag drops with cool Podium gear and apparel

• A stellar HQ (Utah) gym with local professional coaches and classes offered

• Onsite HQ (Utah) child care center subsidized for employees

• Additional benefits for fully remote employees

Podium is an equal opportunity employer. Podium provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race color religion gender national origin sexual orientation gender identity or expression age disability genetic information marital status or veteran status.