Information Security Analyst - GRC

Why you’ll love this role

This hands-on Security Analyst - GRC position will be part of StockX's Information Security Technical Risk Management team, leading efforts to document, communicate, and execute the security program. Members of this team work with several stakeholders to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet StockX security requirements, mitigate risks, and ensure compliance. This is a critical IC role on the StockX Information Security team and will work with several stakeholders in Product, Engineering, Operations, Customer Service, Safety & Trust, & IT.

What you’ll do

• Drive and define governance processes/controls
• Lead development of responses to inquiries and evidence requests for anything related to security
• Develop and maintain an in-depth knowledge of our cybersecurity program and practices and the correlation to business outcomes
• Develop a broad understanding around the implementation of the organization’s security controls through end-to-end process analysis
• Build teamwork and synergies among personnel throughout the organization working closely with counterparts within other areas of the business and external firms where applicable
• Develop trusted relationships with stakeholders and other team members to gain consensus approvals on strategies, recommendations, findings and project plans etc.
• Provide support activities that enable and ensure that StockX is ready to meet and demonstrate compliance with security standards, regulatory requirements and contractual obligations.
• Drive large complex cross-team security initiatives.
• Track progress, resolve dependencies, evaluate risks and communicate status to upper management and stakeholders.  Engage and energize program teams to achieve aggressive goals.

About you

• Experience with legal and regulatory compliance standards such as SOC, SOX, GDPR, etc.
• Knowledge of risk management, risks and controls concepts, principles of ERM and GRC concepts, information security and/or data privacy (e.g ISO27001, NIST)
• Familiarity with NIST Cybersecurity Framework.
• Strong understanding of fundamental information security concepts and technology.
• Strong project/program management background
• Experience with IT GRC/IRM platforms is a plus.
• Possess an understanding of emerging technologies including but not limited to mobile and cloud technology.
• Experience with IT governance, risk, and compliance management in a large global environment.
• Excellent written and verbal communication skills.
• Strong work ethic with attention to detail.
• Ability to excel in a fast-paced and rapidly changing environment
• Strong organizational skills
• 5-7 years of experience with a bachelor's degree in Information Security or equivalent or 2-3 years with a master’s degree
• CISSP, CISM, CSM, PMP or similar preferred

Pursuant to the San Francisco Fair Chance Ordinance, Los Angeles Fair Chance Initiative for Hiring Ordinance, and any other state or local hiring regulations, we will consider for employment any qualified applicant, including those with arrest and conviction records, in a manner consistent with the applicable regulation.

Pursuant to the various pay transparency laws/acts, the base salary range is $120,000 to $135,000 plus opportunities for benefits (e.g., medical, dental), equity and discretionary bonuses. Compensation is dependent on geography and may vary.