Governance Risk & Compliance (GRC) Analyst II (Entry Level)
San Antonio, TX, United States
Company Description
Vericast is a premier marketing solutions company that accelerates profitable revenue growth for the 70,000 businesses it serves directly by influencing consumer purchasing and transaction behavior at scale while engaging with over 120 million households daily. We are recognized as a leading provider of incentives, advertising, marketing services, transaction solutions, customer data and cross-channel campaign management, and intelligent media delivery that create millions of customer touch points annually for our clients. For more information, visit http://www.vericast.com or follow Vericast on LinkedIn.
Job Description
Vericast is looking for a GRC Analyst II to join our growing Security Compliance Team! The Governance, Risk, and Compliance (GRC) Analyst is responsible for documenting, assessing, and supporting Vericast’s compliance and risk management processes as they relate to the management, security, and protection of our information assets and systems. Working as part of the Compliance Center of Excellence (CCoE) in the Information Security and Privacy Group (ISPG), this position provides proficiency in the areas of audit, technology, security, and privacy to support regulatory, contractual, and industry requirements.
The GRC Analyst will help ensure technology, security, and privacy requirements are met across the enterprise. These requirements include documenting and tracking both technical and policy-based control compliance; supporting ISPG business processes; and assisting CCoE leadership and SMEs in client and third-party security audits such as Service Organization Control Reporting (SOC 1 and SOC 2), Payment Card Industry Data Security Standard (PCI DSS), and industry assessments such as TruSight and SIG surveys.
This position requires basic familiarity and experience with information technology and security concepts and practices, including program governance, control alignment activities, and compliance audits. This position will support and collaborate with CCoE team members and subject matter experts (SMEs) across functional areas to help meet CCoE, ISPG, and Vericast objectives.
KEY DUTIES/RESPONSIBILITIES
- Support client compliance audits/assessments (annual audits and due diligence requests for information), Internal Audit, and external auditors (SOC 1, SOC 2, PCI DSS, FSA, etc.).
- Contribute to ISPG initiatives and processes including vendor risk management, IT security reviews and implementations, data governance, and security training and awareness programs.
- Actively learn and grow SME-specific skills and experience in one or more targeted data protection areas (IT compliance, information security, privacy, etc.) to support overarching CCoE objectives.
- Support and contribute to CCoE compliance activities and initiatives, including continuous monitoring activities supporting critical security and data protection processes.
- Collaborate with and support other ISPG teams, including Security Operations and Privacy, to understand and improve existing controls, technologies, and processes across the Compliance team and the company.
Qualifications
EDUCATION
Bachelor’s degree or higher in Computer Science, Management Information Systems, Information Science, or a related discipline.
EXPERIENCE
- Minimum 1-2 years of experience in audit or operations with a focus on compliance of IT, security, and/or privacy programs and controls against industry and/or regulatory standards
- Knowledge and skills relating to data protection (IT, security, privacy) concepts, technologies, and current trends and practices
- Experience supporting compliance audits and assessments
- Experience documenting and supporting the design and implementation of compliance, security, and/or privacy programs, policies, and controls
- Desire to continuously improve processes and share information with the team
- Ability to work across different teams and technologies to develop or improve common compliance processes for a robust data protection culture
CERTIFICATIONS
- An existing certification in a relevant area (ISC2, ISACA, IAPP, or equivalent programs) is a plus, or willingness to pursue certification within the first year
- For recent college graduates, evidence of relevant course work, projects, or internships in specific areas is also acceptable
LEADERSHIP SKILLS
- Exceptional personal and professional integrity and work ethic
- Ability to work across diverse teams and skillsets, including technical and non-technical stakeholders, and mentor and advise those with limited security or compliance knowledge
- Willingness to take on new challenges, manage expectations, and provide feedback up, down, and sideways
- Results-oriented, willing to commit to goals and drive to completion
- Ability to manage conflicting priorities and challenges for mutual success
COMMUNICATION AND RELATIONSHIP SKILLS
- Exceptional communication skills, both written and verbal
- Ability to manage senior relationships across all the business and functional areas
- Ability to navigate through varying company levels across business and functional areas
- Ability to cultivate cooperative and constructive working relationships
- Ability to handle complaints, settle disputes, resolve conflicts, and negotiate with others
- Collaborative team player oriented towards work relationships and strong culture awareness
- Proficient in writing and presenting evidence-based reports to communicate progress, identify challenge areas, and drive continuous improvement
PROJECT MANAGEMENT SKILLS
- Priority setting and alignment of project priorities with business strategy
- Ability to break down complex problems and projects into manageable goals
- Proficiency in evaluating and implementing automated solutions for complex processes
- Effective in building trust, respect, and cooperation among teams
OTHER
This is a security sensitive position. Employee will have access to and/or manage data and other information of a critical and sensitive nature relative to Vericast and its business segments, partner organizations, and/or its clients. Accordingly, the risk associated with the functions of the position requires a more intensive background review.
Supervisory Responsibilities:
Position requires no supervisory experience.
Additional Information
Salary: $70,000/year
The ultimate compensation offered for the position will depend upon several factors such as skill level, cost of living, experience, and responsibilities.
Vericast offers a generous total rewards benefits package that includes medical, dental and vision coverage and generous PTO allowance. A wide variety of additional benefits like life insurance, employee assistance and pet insurance are also available, not to mention smart and friendly coworkers!
At Vericast, we don’t just accept differences - we celebrate them, we support them, and we thrive on them for the benefit of our employees, our clients, and our community. As an Equal Opportunity employer, Vericast considers applicants for all positions without regard to race, color, creed, religion, national origin or ancestry, sex, sexual orientation, gender identity, age, disability, genetic information, veteran status, or any other classifications protected by law. Applicants who have disabilities may request that accommodations be made in order to complete the selection process by contacting our Talent Acquisition team at talentacquisition@vericast.com. EEO is the law. To review your rights under Equal Employment Opportunity please visit: www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf.
Tags: Audits Compliance Computer Science Governance ISACA Monitoring PCI DSS Privacy Risk management SOC SOC 1 SOC 2 Strategy
Perks/benefits: Career development Health care Insurance Team events