GRC Assurance Analyst I

Job Title: GRC Assurance Analyst I
Reports to: Head of GRC
Job Location: Los Angeles, CA, USA
Job Status: Exempt, FT
About SHEIN
SHEIN is a global fashion and lifestyle e-retailer committed to making the beauty of fashion accessible to all. We use on-demand manufacturing technology to connect suppliers to our agile supply chain, reducing inventory waste and enabling us to deliver a variety of affordable products to customers around the world. From our global offices, we reach customers in more than 150 countries. Founded in 2012, SHEIN has nearly 10,000 employees operating from offices around the world, with U.S. Headquarters located in Los Angeles and Global Headquarters located in Singapore. In SHEIN, we work with outstanding, creative, and capable peers. We share an energetic and open culture for capable people to discern, work and ignite as a team.
Position Summary
SHEIN Global Security and Risk Management (GSRM) is a global security organization that oversees security infrastructure, risk management, data privacy, business fraud, governance, and regulatory compliance across SHEIN's global footprint. It is composed of a team of security professionals, innovators and thought leaders that have had decades of global security experience, led large scale transformations, and served in Fortune 500 executive roles.
Here, innovation isn't simply about protecting and defending our company. We develop solutions that are practical today and scalable tomorrow; and we create collaborative teams dedicated to innovation across each of our businesses to share our common values and vision.
We are seeking an experienced and skilled GRC Assurance Analyst I to join our team in our Los Angeles-based corporate office. The GRC Assurance Analyst is responsible for assessing compliance with SHEIN security and privacy policies and related regulatory requirements and supporting the compliance management framework and program. This role will also support ongoing auditing, reporting, remediation tracking, and documentation of control enhancements to the environment. This position will be part of a team of governance, risk, and compliance experts and work with technology and legal partners and business units to meet our global security compliance needs.
The ideal candidate should have experience in assessing compliance management frameworks and programs, a good understanding of general security technologies and best practices, and knowledge of global data privacy laws and regulations. This role must collaborate effectively with development, engineering and operations counterparts as well as internal and external partners to assess, report, and maintain compliance against applicable security industry standards and regulatory requirements.
Job Responsibilities

• Conduct periodic internal reviews or audits against internal policies and standards to ensure that compliance procedures are followed and discuss emerging security compliance issues with the leadership team
• Assist with managing the compliance program, including issues analysis, monitoring health of controls, audit management, identifying and improving processes and controls, and tracking status of corrective actions
• Facilitate with external auditors to ensure timely completion of annual security audits (e.g., ISO27001, SOC 2)
• Maintain a current and comprehensive understanding of relevant industry standards to incorporate into the compliance management strategy, framework, and program
• Support integration and maturation of policy, compliance, and risk frameworks
• Partner with business, IT, Legal, and other teams across the company to perform privacy assessments and help identify risk mitigation solutions

Job Requirements

• A minimum of 3 years of experience in information security and privacy compliance and assurance, including compliance assessment, audit, controls monitoring, and compliance metrics
• Possess a bachelor's degree or higher in the field of information security, engineering, computer science or equivalent advance technology field of study
• Relevant security certifications, such as CISSP, CISM, CISA, ISO 27001 Lead Auditor, CIPT, CIPP are highly desired
• Strong knowledge of security and data privacy standards, regulations and guidelines such as ISO 27k, SOC 2, PCI DSS, NIST, CIS, GDPR, CCPA, CPRA, ePD
• Experience developing and deploying compliance management frameworks and programs, preferably with international experience in an e-commerce or technology related industry
• Experience working with UCF is desirable
• Experience with deploying GRC tools (e.g., ServiceNow) is desirable
• Strong analytical and problem-solving skills
• Strong written and verbal communication skills, with the ability to translate complex and technical issues to all levels of personnel
• Detail oriented and highly organized, with the ability to thrive in a fast-paced environment and prioritize accordingly
• High level of personal integrity, with the ability to professionally handle confidential matters and exudes the appropriate level of judgment and maturity

Pay
$92,000.00 min - $148,700.00 max annually. Bonus offered.
Benefits and Culture
Healthcare (medical, dental, vision, prescription drugs)
Health Savings Account with Employer Funding
Flexible Spending Accounts (Healthcare and Dependent care)
Company-Paid Basic Life/AD&D insurance
Company-Paid Short-Term and Long-Term Disability
Voluntary Benefit Offerings (Voluntary Life/AD&D, Hospital Indemnity, Critical Illness, and Accident)
Employee Assistance Program
Business Travel Accident Insurance
401(k) savings plan with discretionary company match and access to a financial advisor
Vacation, Paid holidays and sick days
Employee Discounts
Perks (HQ Location)
Free weekly catered lunch at HQ
Dog-Friendly office
Free Gym Access at HQ
Free Swag Giveaways
Annual Holiday Party
Invitations to pop-ups and other company events
Complimentary daily office snacks and beverages
Free Shuttle Service from HQ to LA Union Station
SHEIN Distribution is an equal opportunity employer committed to a diverse workplace environment.