Security Governance, Risk, and Compliance (GRC) Specialist
United Kingdom
Applications have closed
TripAdvisor
Plan your next trip, read reviews and get travel advice from our community on where to stay and what to do. Find savings on hotels, book the perfect tour or attraction, and reserve a table at the best restaurants.
Remote-based - UK/Ireland
We believe that we are better together, and at Tripadvisor we welcome you for who you are. Our workplace is for everyone, as is our people-powered platform. At Tripadvisor, we want you to bring your unique identities, abilities, and experiences, so we can collectively revolutionize travel and together find the good out there.
We are seeking a Governance, Risk, and Compliance (GRC) Specialist to join our growing security team at Tripadvisor. The GRC Specialist will be responsible for developing, implementing, and maintaining the company's Information Security GRC program, ensuring compliance with regulatory requirements, and tracking and reporting on risks. The successful candidate will work closely with Legal, Internal Audit, our various Brands, and all teams in the company to track and reduce risk and ensure adherence to privacy and security best practices.
What you'll do:
- Develop, implement, and maintain the company's GRC program, ensuring compliance with regulatory requirements, and privacy and security best practices.
- Ensure that policies and procedures are aligned with NIST CSF, CRPA, GDPR, PCI DSS, and SEC cyber security requirements.
- Work closely with Legal and Internal Audit to track our risk heat map and develop a global risk register.
- Measure our security against various frameworks and develop a roadmap to improve our security posture.
- Conduct periodic risk assessments and ensure that risk mitigation strategies are in place.
- Develop and maintain a security awareness training program for all employees.
- Develop and maintain metrics to track the effectiveness of the GRC program and report on progress to senior management.
Skills and experience:
- Bachelor's degree in Information Security, Computer Science, or a related field.
- Minimum of 5 years of experience in a GRC role.
- Strong knowledge of regulatory requirements, including CRPA, GDPR, PCI DSS, and SEC cyber security reporting.
- Strong understanding of privacy and security best practices and NIST CSF.
- Experience developing and implementing policies and procedures.
- Experience conducting risk assessments and developing risk mitigation strategies.
- Strong communication and interpersonal skills, with the ability to work effectively with cross-functional teams.
- Security certifications such as CISA, CISSP, CISM, CIPT, or CRISC are a plus.
At Tripadvisor, we are committed to creating a diverse and inclusive workplace. We welcome and encourage applicants from all backgrounds and identities to apply for this position.
If you need a reasonable accommodation or support during the application or the recruiting process due to a medical condition or disability, please reach out to your individual recruiter or send an email to AccessibleRecruiting@Tripadvisor.com and let us know the nature of your request. Please include the job requisition number in your message.