Security Privacy, Trust, and GRC Analyst II

Individual Contributor
Remote-Friendly
Remote, US
Posted 1 year ago
This position has been filled
Experience level: 2+ years

This content was reproduced from the employer’s website on March 17, 2023. Please visit their website below for the most up-to-date information about this position.

Workrise is hiring an Analyst II, Security Privacy, Trust, and GRC that will be responsible for assisting in the development and management of the data privacy, customer trust, and security governance, risk, and compliance functions. This role will initially support the development and maintenance of foundational elements of the functions and grow into the ownership of multiple compliance programs or functions. Our ideal candidate for this role will be someone who has multiple years of experience in the privacy, trust, or GRC space but wants to learn and grow across all functions and who is eager to learn, analytical, and diligent.

Why Join us? Our Security Privacy, Trust, and GRC team at Workrise is helping to build a modern and scalable platform for the future of the skilled labor workforce. You will be building and then owning security functions within the security organization. You will have the opportunity to engage with stakeholders and control owners across the organization as you work to build out all of the necessary pieces of privacy, trust, and GRC. You will have the opportunity to provide real impact in moving the ball forward for privacy, trust, and GRC to allow Workrise to scale, grow, and win new business.

What you’ll be doing:

Assist in the development and management of the information security policies and standards in concert with stakeholders from across the organization
Assist in the development and operation of the cyber risk management program
Assist in the execution of cyber risk assessments for business processes, technology, and products
Track open risk items to ensure milestones are achieved and risk owners are supported
Support the development and management of security compliance programs for industry security frameworks (SOX ITGCs, AICPA TSC [SOC 2], ISO 27001, GDPR, CCPA, NIST CSF, etc.)
Collaborate with control owners and other stakeholders across the organization on GRC and other security initiatives
Assist in the maintenance of a common control framework and the implementation of GRC tooling
Performance of security IT audits to include evidence lifecycle management, control walkthrough scheduling and execution, documentation of control GAPs, and management of corrective action plans
Build relationships with other departments and a broad range of Workrise employees at various levels to accomplish program objectives and further Security goals
Respond to requests from external parties regarding the state of security at Workrise (questionnaires, evidence requests, etc.)
Assist in the development of the Customer Trust function
Facilitate external audits by customers and certification bodies through the management of the audit lifecycle
Assist in the response and notification process for the breach of sensitive and/or personal information

What you should have:

Bachelor’s degree in computer science, information systems management, cybersecurity, information assurance or related field or equivalent relevant experience
2+ years of technical professional experience in IT audit, IT risk management, or security governance
Solid experience in assessing the effectiveness of information security controls (test of design, test of effectiveness, etc.)
Understanding and experience with cyber risk management and mitigation
Experience across most control domains (i.e., access management, change management, security operations, etc.)
Working knowledge of multiple industry accepted information security frameworks (SOX ITGCs, AICPA TSC [SOC 2], ISO 27001, GDPR, CCPA, NIST CSF, etc)
Experience with public cloud solution providers (AWS, Azure, and/or Google)
Exposure to and/or understanding of GRC tooling
Good written and verbal communication skills
Strong work ethic, critical thinking, and attention to detail

Nice to have but not required:

Posses multiple industry accepted information security certifications (CISA, CISSP, CRISC, CCSK, CIPPP, etc)
Experience in the oil and gas industry

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.