Security Analyst - GRC
Remote, USA
StockX
Buy and sell the hottest sneakers including Adidas Yeezy and Retro Jordans, Supreme streetwear, trading cards, collectibles, designer handbags and luxury watches. Help empower our global customers to connect to culture through their passions.
Security Analyst - GRC Job Description
About the role
This hands-on Security Analyst - GRC position will be part of StockX's Information Security Technical Risk Management team, providing oversight and coordination and delivering the activities that support successful risk management for StockX, including third parties. Members of this team work with several stakeholders to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet StockX security requirements and mitigate any associated risks.
What you’ll do
- Lead risk/security assessments of suppliers and third-party relationships to identify, validate and remediate cybersecurity risks.
- Perform interviews, document design assessments and walkthroughs of cybersecurity controls.
- Support ongoing monitoring of suppliers and third parties to review adherence to compliance and regulatory requirements.
- Assist in managing the technical risk register.
- Assist with performing quantitative and qualitative analysis for IT processes to produce Key Risk Indicators.
- Develop trusted relationships with stakeholders and other team members to gain consensus approvals on strategies, recommendations, findings, project plans, etc.
- Remain current with emerging risks as well as solution trends in the marketplace.
- Possess an understanding of emerging technologies including but not limited to mobile and cloud technology.
- Contribute towards process improvement of team processes, templates, and tools.
About you
- Experience with legal and regulatory compliance standards such as SOC, SOX, GDPR, etc.
- Knowledge of risk management, risks and controls concepts, principles of ERM and GRC concepts, information security and/or data privacy (e.g., ISO 27001, NIST).
- Familiarity with NIST Cybersecurity Framework.
- Strong understanding of fundamental information security concepts and technology.
- Experience with IT GRC/IRM platforms is a plus.
- Experience with IT governance, risk, and compliance management in a large global environment.
- Excellent written and oral communication skills.
- Strong work ethic with attention to detail.
- Ability to excel in a fast-paced and rapidly changing environment.
- 5-7 years of experience with a bachelor's degree in Information Security or equivalent.
- CISSP, CISM, or similar preferred.
StockX is the premier current culture platform for buying and selling authentic, new, sought-after products. Our powerful marketplace connects buyers and sellers for sneakers, apparel, accessories, electronics, collectibles and trading cards around the world. We provide millions of global customers with unprecedented access and market visibility powered by real-time data, allowing them to transact based on true market value. Launched in 2016 in Detroit, Michigan, StockX now employs more than 1,500 people in offices and authentication centers in 11 countries.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
This job description is intended to convey information essential to understanding the scope of the job and the general nature and level of work performed by job holders within this job. However, this job description is not intended to be an exhaustive list of qualifications, skills, efforts, duties, responsibilities or working conditions associated with the position. StockX reserves the right to amend this job description at any time.
Tags: CISM CISSP Cloud Compliance GDPR Governance ISO 27001 Monitoring NIST Privacy Risk management Security assessment SOC