GRC Analyst
Sunnyvale, TX, United States
Fanatics
Fanatics Collectibles is looking for a Governance, Risk, and Compliance (GRC) Analyst to join our Information Security team. This position will report into the Director - Governance, Risk, and Compliance and will be responsible for assessing controls, prioritizing information security and cybersecurity risk across the organization, facilitating compliance with regulatory requirements, developing and managing information security policies, and reporting on information security metrics.
The GRC Analyst is responsible for reducing information security and cybersecurity risk to Fanatics Collectibles by helping to prioritize and drive remediation efforts throughout the organization through the following:
- Creating, maintaining, communicating, and enforcing information security policies.
- Establishing and maintaining information security governance and compliance standards.
- Conducting control risk assessments to identify vulnerabilities internally and within vendor or third-party supplier products.
- Maintaining the risk mitigation, risk exception process, and conducting residual risk analysis.
The GRC Analyst independently executes high-quality, enterprise-wide controls assessments against industry leading frameworks. The GRC Analyst works with employees and leaders across Fanatics Collectibles.
Team members are given a great deal of autonomy in the pursuit of keeping Fanatics Collectibles secure and a successful candidate will demonstrate strong communication skills and is expected to be comfortable and effective working independently and as part of a larger, global team. The ability to communicate broadly across different skill sets will be key to success in this role.
Duties and responsibilities may include:
Support the controls risk assessment process, by:
- Performing on-going and annual control risk assessments
- Support audit execution processes by providing compliance consultation on various frameworks and best practices
- Collecting, reviewing, and uploading evidence
- Collecting and documenting emerging risks
- Assisting in risk analysis and evaluation
- Providing input for risk trends, emerging threats, and issues
- Direct engagement with internal teams to ensure adherence to processes
- Mentor fellow Fanatics Collectibles personnel on best security practices through cross-functional work with multiple technical and non-technical teams
Required Education and Certification:
- Bachelor's degree in an IT or engineering related field strongly preferred.
- CISA, CISSP, CISM, or CRISC certification or equivalent strongly preferred.
Required Skills:
- Experience (minimum 5 years) in information technology (IT) or information security with IT-based governance, risk, and compliance.
- Experience (minimum 1 year) with IT-based audit.
- A solid understanding of the following frameworks, with direct experience in at least 2 preferred: PCI-DSS Data Privacy (GDPR, CCPA, others) ISO 27001, NIST 800-53, COBIT, SOX.
- Proficiency in written and spoken English.
- Ability to present findings and summaries of issues to senior management.
- Pro-active and self-motivated, including a willingness to reach out to development teams and stakeholders to discuss issues and identify areas needing assistance.
- Excellent communication and interpersonal skills.
- Ability to approach problem solving in a constructive and collaborative way.
- Experience with cloud-based tools strongly preferred.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: CCPA CISA CISM CISSP Cloud COBIT Compliance CRISC GDPR Governance ISO 27001 NIST NIST 800-53 Privacy Risk analysis Risk assessment SOX Vulnerabilities
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Staff Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Operations Analyst jobs
- Open Sr. Security Engineer jobs
- Open Security Consultant jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open ISO 27001-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs