GRC Risk Analyst

Job Title: GRC Risk Analyst
Reports to: Information Security Risk Lead
Location: Los Angeles, CA
Job Class: Exempt
About SHEIN:
SHEIN Distribution Corporation distributes SHEIN's products in the U.S. Founded in 2012, SHEIN is a leading global online retailer and marketplace with operations in Los Angeles, Singapore and Guangzhou, along with other key markets. SHEIN reaches consumers across more than 150 countries and regions around the world. We place a premium on choice, delivering more than 6,000 new fashion, beauty and lifestyle products daily with more than a million items available. Our mission is to help people express their individuality through the latest trends that are accessible and affordable. To learn more about SHEIN, follow us at shein.com, sheingroup.com, instagram.com/sheinofficial and youtube.com/shein.
Position Summary:
The GRC Risk Analyst is responsible for identifying, assessing, and managing security and privacy risk. This position will be part of a team of governance, risk, and compliance experts and work with technology and legal partners and business units to meet our global risk management needs.
The ideal candidate should have practical experience in conducting security and privacy risk assessments, a good understanding of general security technologies and best practices, and knowledge of global data privacy laws and regulations. This role must collaborate effectively with development, engineering and operations counterparts as well as internal and external partners to identify, articulate, prioritize, manage, and monitor security risks to protect SHEIN data, services, and information assets.
Core Responsibilities:

• Conduct security and privacy risk assessments of business units, critical processes and information assets.
• Conduct third-party risk assessments and security reviews of third-party agreements.
• Work closely with technology and legal partners and business units to ensure appropriate security and data protection requirements are incorporated into third-party engagements.
• Prepare risk assessment reports to inform risk treatment decisions.
• Track and monitor remediation and risk management activities.
• Deploy the risk management framework, processes, and tools to conduct risk assessments effectively and consistently.
• Develop, implement, mature, and champion risk management processes and concepts.
• Maintain a current and comprehensive understanding of relevant industry standards to incorporate into the risk management strategy, framework, and program.
• Support integration and maturation of policy, compliance, and risk frameworks.

Skills and Qualifications:

• A minimum of 3 years of experience in information security risk management, including business impact analysis, risk assessment and treatment, risk metrics and trend analysis
• Possess a bachelor's degree or higher in the field of information security, engineering, computer science or equivalent advance technology field of study
• Relevant security certifications, such as CISSP, CIPT, CIPP, CISM, CISA, ISO 27001 Lead Auditor are highly desired
• Strong knowledge of security and data privacy standards, regulations and guidelines such as ISO 27k, GDPR, CCPA, NIST, PCI DSS
• Experience developing and deploying risk management frameworks and programs, preferably with international experience in an e-commerce or technology related industry
• Experience with deploying GRC tools is desirable
• Strong analytical and problem-solving skills
• Strong written and verbal communication skills, with the ability to translate complex and technical issues to all levels of personnel
• Detail oriented and highly organized, with the ability to thrive in a fast-paced environment and prioritize accordingly
• High level of personal integrity, with the ability to professionally handle confidential matters and exudes the appropriate level of judgment and maturity

SHEIN is an equal opportunity employer committed to a diverse workplace environment.
Pay: $75,300.00 min - $114,800.00 max annually