Security Privacy, Trust, and GRC Analyst II

  • Individual Contributor
  • Remote-Friendly
  • Remote, US
  • This position has been filled
  • Experience level: 2+ years
This content was reproduced from the employer’s website on March 17, 2023. Please visit their website below for the most up-to-date information about this position.

Workrise is hiring an Analyst II, Security Privacy, Trust, and GRC, who will be responsible for assisting in the development and management of the data privacy, customer trust, and security governance, risk, and compliance functions. This role will initially support the development and maintenance of foundational elements of the functions and grow into the ownership of multiple compliance programs or functions. Our ideal candidate for this role has multiple years of experience in the privacy, trust, or GRC space, wants to learn and grow across all functions, and is eager to learn, analytical, and diligent.

Why join us?

Our Security Privacy, Trust, and GRC team at Workrise is helping to build a modern and scalable platform for the future of the skilled labor workforce. You will be building and then owning security functions within the security organization. You will have the opportunity to engage with stakeholders and control owners across the organization as you work to build out all of the necessary pieces of privacy, trust, and GRC. You will have the opportunity to provide real impact in moving the ball forward for privacy, trust, and GRC to allow Workrise to scale, grow, and win new business.

What you’ll be doing:

  • Assist in the development and management of the information security policies and standards in concert with stakeholders from across the organization
  • Assist in the development and operation of the cyber risk management program
  • Assist in the execution of cyber risk assessments for business processes, technology, and products
  • Track open risk items to ensure milestones are achieved and risk owners are supported
  • Support the development and management of security compliance programs for industry security frameworks (SOX ITGCs, AICPA TSC [SOC 2], ISO 27001, GDPR, CCPA, NIST CSF, etc.)
  • Collaborate with control owners and other stakeholders across the organization on GRC and other security initiatives
  • Assist in the maintenance of a common control framework and the implementation of GRC tooling
  • Perform security IT audits, including evidence lifecycle management, control walkthrough scheduling and execution, documentation of control gaps, and management of corrective action plans
  • Build relationships with other departments and a broad range of Workrise employees at various levels to accomplish program objectives and further Security goals
  • Respond to requests from external parties regarding the state of security at Workrise (questionnaires, evidence requests, etc.)
  • Assist in the development of the Customer Trust function
  • Facilitate external audits by customers and certification bodies through the management of the audit lifecycle
  • Assist in the response and notification process for the breach of sensitive and/or personal information

What you should have:

  • Bachelor’s degree in computer science, information systems management, cybersecurity, information assurance or related field or equivalent relevant experience
  • 2+ years of technical professional experience in IT audit, IT risk management, or security governance
  • Solid experience in assessing the effectiveness of information security controls (test of design, test of effectiveness, etc.)
  • Understanding and experience with cyber risk management and mitigation
  • Experience across most control domains (e.g., access management, change management, security operations, etc.)
  • Working knowledge of multiple industry-accepted information security frameworks (SOX ITGCs, AICPA TSC [SOC 2], ISO 27001, GDPR, CCPA, NIST CSF, etc.)
  • Experience with public cloud solution providers (AWS, Azure, and/or Google)
  • Exposure to and/or understanding of GRC tooling
  • Good written and verbal communication skills
  • Strong work ethic, critical thinking, and attention to detail

Nice to have but not required:

  • Possess multiple industry-accepted information security certifications (CISA, CISSP, CRISC, CCSK, CIPPP, etc.)
  • Experience in the oil and gas industry