Podium is hiring a GRC Analyst in United States

GRC Analyst
🏢 Podium
💵 ~$90k-$110k
📍United States
📅 Posted on Jul 2, 2024

Summary

The job is for a GRC security analyst at Podium who will support the organization's security initiatives, align the security strategy with information systems, and ensure compliance with various standards and regulations. The ideal candidate has a strong technical background, 5+ years of experience in security, compliance, or risk management, and knowledge of regulatory requirements such as PCI, SOX, HIPAA, GDPR, and GLBA.

Requirements

  • Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent industry experience
  • 5+ years’ experience in cybersecurity as a practitioner and 2 to 3+ years’ exposure to various security frameworks
  • Strong business acumen and security technology skills
  • Experience and understanding of various regulatory requirements and laws, including but not limited to PCI, SOX, HIPAA, GDPR, and GLBA. Additional experience in one or more of the following: ISO 27001/2, ITIL, or NIST
  • Exceptional written and verbal communication skills
  • The capacity to understand legacy and progressive technology, security controls, and respective risks. Working knowledge of technologies such as cloud computing, DevOps, and application security is required
  • Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management, and hardening guidelines
  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively
  • Holds, or is working toward, one or more of the following: CISSP, CRISC, CGEIT, or GRCP

Responsibilities

  • Support our security initiatives and enhance our overall security posture
  • Oversee compliance with various standards and regulations, including GLBA, SOX, GDPR, HIPAA, and PCI DSS
  • Evaluate and validate the effectiveness of our security program
  • Serve as the main point of contact for internal and external auditors
  • Conduct enterprise-wide risk analysis in collaboration with compliance and security teams
  • Maintain oversight of GRC-related platform usage and administration
  • Monitor third parties, vendors, and business partners to mitigate external risks
  • Analyze findings and recommend security improvement initiatives
  • Stay informed about security changes affecting regulatory compliance and industry best practices
  • Define and track qualitative and quantitative metrics for assessing security program effectiveness
  • Ensure up-to-date configuration documentation and oversight of security systems and processes
  • Participate in incident response activities as needed

Preferred Qualifications

  • Prior team leadership experience preferred
  • Experience with cloud environments such as Amazon Web Services (AWS) and Microsoft Azure
  • Prior experience with leading GRC systems from vendors such as Vanta, RSA, MetricStream, and IBM
  • Demonstrated problem-solving capabilities and ability to manage complex local and international security requirements
  • Self-motivated, directed, and well-organized, with the vision to position controls in anticipation of threats
  • Successful track record of managing external entities’ contracts and relationships and mitigating risks to business development opportunities
  • Familiarity with state, federal, and international privacy laws

Benefits

  • Open and transparent culture
  • Life insurance, long and short-term disability coverage
  • Paid maternity and paternity leave
  • Fertility Benefits
  • Generous vacation time, plus three 4-day summer holiday weekends
  • Excellent medical, dental, and vision benefits
  • 401k Plan with competitive company matching
  • Bi-annual swag drops with cool Podium gear and apparel
  • A stellar HQ (Utah) gym with local professional coaches and classes offered
  • Onsite HQ (Utah) child care center, subsidized for employees
  • Additional benefits for fully remote employees