Senior Information Security Analyst, GRC
Brooklyn, NY, United States
Etsy
Find the perfect handmade gift, vintage & on-trend clothes, unique jewelry, and more… lots more.Company Description
Etsy is the global marketplace for unique and creative goods. We build, power, and evolve the tools and technologies that connect millions of entrepreneurs with millions of buyers around the world. As an Etsy Inc. employee whether a team member of Etsy, Reverb, or Depop you will tackle unique, meaningful, and large-scale problems alongside passionate coworkers, all the while making a rewarding impact and Keeping Commerce Human
Job Description
What’s the role?
We are looking for a Senior Information Security Governance, Risk and Compliance (GRC) Analyst to help Etsy evolve, mature, and grow our governance, risk, and compliance program.
You will play an important role in operationalizing and scaling enduring programs that protect our customers, employees, and our business, reduce security and privacy risk, and foster trust internally and externally. This team helps Etsy keep commerce human, secure, and privacy preserving.
As the program lead, you will be responsible for orchestrating the operations for the major pillars including our vendor security review process, policy development, risk reviews, and compliance adherence for Etsy and our subsidiaries. You will monitor and communicate progress and collaborate effectively across Engineering, Product, Legal, Compliance, and many other functions and organizations to deliver impact.
This is a full-time position reporting to the Senior Director, Security and Privacy Engineering, and the base salary range will be $114,000 - $148,000 USD per year. In addition to salary, you will also be eligible for an equity package, an annual performance bonus, and our competitive benefits that support you and your family as part of your total rewards package at Etsy.
This role requires your presence in Etsy’s Brooklyn Office once or twice per week depending on your proximity to the office. Candidates living within commutable distance of Etsy’s Brooklyn Office Hub may be the first to be considered. Learn more details about our work modes and workplace safety policies here.
What does the day-to-day look like?
Build, manage and lead our Governance, Risk, and Compliance program
Be an ambassador for security and privacy programs to the broader Etsy company and the external security and privacy community
Be a voracious learner and quickly ramp up across the various domains of Security and Privacy in support of the program they’ll own
Improve on existing frameworks, processes and standardized templates related to various stages of security & privacy requirements and reviews
Contribute to the architecture, maintenance and development of security & privacy controls
Build credibility, establish rapport, and maintain strong relationships with collaborators at multiple levels, in different functions
Produce transparent and effective communication to stakeholders regarding program progress, flags and decisions throughout its lifecycle
Identify gaps in the program’s operations, build scaffolding to fix them, and assess your practices to see if they’re suitably effective
Zoom in and zoom out, to see how all the moving parts should tie together, and systemize them into a functioning program aligned to a single set of objectives
Of course, this is just a sample of the kinds of work this role will require! You should assume that your role will encompass other tasks, too, and that your job duties and responsibilities may change from time to time at Etsy's discretion, or otherwise applicable with local law.
Qualifications
Qualities that will help you thrive in this role are:
6-8 years of relevant work experience as a Security Analyst, TPM, or related field
In depth experience in the information security GRC domain within a technology company, specifically
Experience working across engineering and non-engineering teams simultaneously
Experience driving programs in a change-oriented, fast-paced cross functional environment
Excellent communication skills across technical and non-technical collaborators. Great attention to detail and ability to adapt communication for each audience and channel.
Operational approach. Experience creating and driving processes which smooth execution without creating undue burden. Ability to maintain order in times of ambiguity and changing priorities.
Work courageously and proactively to define and contain complicated problems, prioritize effectively, and deliver quickly
Able to influence outcomes without relying on reporting lines or organizational hierarchy
Have developed or lead a GRC program
Passionate about the GRC space!
You are an excellent collaborator and know how to communicate effectively with partners and stakeholders
You have negotiation skills when it comes to prioritizing work and balancing business needs against security and privacy risk
Additional Information
What's Next
If you're interested in joining the team at Etsy, please share your resume with us and feel free to include a cover letter if you'd like. As we hope you've seen already, Etsy is a place that values individuality and variety. We don't want you to be like everyone else -- we want you to be like you! So tell us what you're all about.
Our Promise
At Etsy, we believe that a diverse, equitable and inclusive workplace furthers relevance, resilience, and longevity. We encourage people from all backgrounds, ages, abilities, and experiences to apply. Etsy is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If, due to a disability, you need an accommodation during any part of the interview process, please let your recruiter know. While Etsy supports visa sponsorship, sponsorship opportunities may be limited to certain roles and skills.
Tags: Compliance Governance Privacy
Perks/benefits: Career development Competitive pay Equity Salary bonus
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs