Security Analyst - GRC

Remote, USA

Applications have closed

StockX

Buy and sell the hottest sneakers including Adidas Yeezy and Retro Jordans, Supreme streetwear, trading cards, collectibles, designer handbags and luxury watches.

View company page

Help empower our global customers to connect to culture through their passions.

Security Analyst - GRC Job Description

About the role

This hands-on Security Analyst - GRC position will be part of StockX's Information Security Technical Risk Management team, providing oversight, coordination, and delivering the activities supporting successful risk management activities including third parties for StockX. Members of this team work with several stakeholders to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet StockX security requirements and mitigate any associated risks. 

What you’ll do

  • Lead risk/security assessments of suppliers and third-party relationships to identify, validate and remediate cybersecurity risks. 
  • Perform interviews, document design assessments and walkthroughs of cybersecurity controls.
  • Support ongoing monitoring of suppliers and third-party to review compliance against compliance and regulatory requirements.
  • Assist in managing technical risk register.
  • Assist with performing quantitative and qualitative analysis for IT processes to produce Key Risk indicators
  • Develop trusted relationships with stakeholders and other team members to gain consensus approvals on strategies, recommendations, findings and project plans etc.
  • Remain current with emerging risks as well as solution trends in the marketplace.
  • Possess an understanding of emerging technologies including but not limited to mobile and cloud technology.
  • Contribute towards process improvement of team processes, templates, and tools.

About you

  • Experience with legal and regulatory compliance standards such as SOC, SOX, GDPR, etc.
  • Knowledge of risk management, risks and controls concepts, principles of ERM and GRC concepts, information security and/or data privacy (e.g ISO27001, NIST)
  • Familiarity with NIST Cybersecurity Framework.
  • Strong understanding of fundamental information security concepts and technology.
  • Experience with IT GRC/IRM platforms is a plus.
  • Experience with IT governance, risk, and compliance management in a large global environment.
  • Excellent written and oral communication skills.
  • Strong work ethic with attention to detail.
  • Ability to excel in a fast-paced and rapidly changing environment
  • 5-7 years of experience with a bachelor's degree in Information Security or equivalent
  • CISSP, CISM, or similar preferred



About Us
StockX is the premier current culture platform for buying and selling authentic, new, sought-after products. Our powerful marketplace connects buyers and sellers for sneakers, apparel, accessories, electronics, collectibles and trading cards around the world. We provide millions of global customers with unprecedented access and market visibility powered by real-time data, allowing them to transact based on true market value. Launched in 2016 in Detroit, Michigan, StockX now employs more than 1,500 people in offices and authentication centers in 11 countries.     We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. This job description is intended to convey information essential to understanding the scope of the job and the general nature and level of work performed by job holders within this job. However, this job description is not intended to be an exhaustive list of qualifications, skills, efforts, duties, responsibilities or working conditions associated with the position. StockX reserves the right to amend this job description at any time.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: CISM CISSP Cloud Compliance GDPR Governance ISO 27001 Monitoring NIST Privacy Risk management Security assessment SOC

Regions: Remote/Anywhere North America
Country: United States
Job stats:  51  13  0
Category: Analyst Jobs

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.