Senior Information Security Analyst, GRC

Company Description

Etsy is the global marketplace for unique and creative goods. We build, power, and evolve the tools and technologies that connect millions of entrepreneurs with millions of buyers around the world. As an Etsy Inc. employee whether a team member of Etsy, Reverb, or Depop you will tackle unique, meaningful, and large-scale problems alongside passionate coworkers, all the while making a rewarding impact and Keeping Commerce Human

Job Description

What’s the role?

We are looking for a Senior Information Security Governance, Risk and Compliance (GRC) Analyst to help Etsy evolve, mature, and grow our governance, risk, and compliance program.

You will play an important role in operationalizing and scaling enduring programs that protect our customers, employees, and our business, reduce security and privacy risk, and foster trust internally and externally. This team helps Etsy keep commerce human, secure, and privacy preserving. 

As the program lead, you will be responsible for orchestrating the operations for the major pillars including our vendor security review process, policy development, risk reviews, and compliance adherence for Etsy and our subsidiaries. You will monitor and communicate progress and collaborate effectively across Engineering, Product, Legal, Compliance, and many other functions and organizations to deliver impact.

This is a full-time position reporting to the Senior Director, Security and Privacy Engineering, and the base salary range will be $114,000 - $148,000 USD per year. In addition to salary, you will also be eligible for an equity package, an annual performance bonus, and our competitive benefits that support you and your family as part of your total rewards package at Etsy.

For this role, we are considering candidates based in the United States. Candidates living within commutable distance of Etsy’s Brooklyn Office Hub or in the San Francisco Bay Area may be the first to be considered. For candidates within commutable distance, Etsy requires in-office attendance once or twice per week depending on your proximity to the office. Etsy offers different work modes to meet the variety of needs and preferences of our team. Learn more details about our work modes and workplace safety policies here.

What does the day-to-day look like?

• Build, manage and lead our Governance, Risk, and Compliance program

• Be an ambassador for security and privacy programs to the broader Etsy company and the external security and privacy community 

• Be a voracious learner and quickly ramp up across the various domains of Security and Privacy in support of the program they’ll own

• Improve on existing frameworks, processes and standardized templates related to various stages of security & privacy requirements and reviews

• Contribute to the architecture, maintenance and development of security & privacy controls

• Build credibility, establish rapport, and maintain strong relationships with collaborators at multiple levels, in different functions

• Produce transparent and effective communication to stakeholders regarding program progress, flags and decisions throughout its lifecycle

• Identify gaps in the program’s operations, build scaffolding to fix them, and assess your practices to see if they’re suitably effective

• Zoom in and zoom out, to see how all the moving parts should tie together, and systemize them into a functioning program aligned to a single set of objectives

• Of course, this is just a sample of the kinds of work this role will require! You should assume that your role will encompass other tasks, too, and that your job duties and responsibilities may change from time to time at Etsy's discretion, or otherwise applicable with local law.

Qualifications

Qualities that will help you thrive in this role are:

• 6-8 years of relevant work experience as a Security Analyst, TPM, or related field 

• In depth experience in the information security GRC domain within a technology company, specifically

• Experience working across engineering and non-engineering teams simultaneously

• Experience driving programs in a change-oriented, fast-paced cross functional environment

• Excellent communication skills across technical and non-technical collaborators. Great attention to detail and ability to adapt communication for each audience and channel. 

• Operational approach. Experience creating and driving processes which smooth execution without creating undue burden. Ability to maintain order in times of ambiguity and changing priorities. 

• Work courageously and proactively to define and contain complicated problems, prioritize effectively, and deliver quickly

• Able to influence outcomes without relying on reporting lines or organizational hierarchy

• Have developed or lead a GRC program

• Passionate about the GRC space!

• You are an excellent collaborator and know how to communicate effectively with partners and stakeholders

• You have negotiation skills when it comes to prioritizing work and balancing business needs against security and privacy risk

Additional Information

What's Next

If you're interested in joining the team at Etsy, please share your resume with us and feel free to include a cover letter if you'd like. As we hope you've seen already, Etsy is a place that values individuality and variety. We don't want you to be like everyone else -- we want you to be like you! So tell us what you're all about.

Our Promise

At Etsy, we believe that a diverse, equitable and inclusive workplace furthers relevance, resilience, and longevity. We encourage people from all backgrounds, ages, abilities, and experiences to apply. Etsy is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If, due to a disability, you need an accommodation during any part of the interview process, please let your recruiter know. While Etsy supports visa sponsorship, sponsorship opportunities may be limited to certain roles and skills.