iHerb is hiring a
GRC Program Specialist

Summary

Join our team as a GRC Program Specialist and support the security direction of the business, elevating the company's security posture. The ideal candidate is technical with at least three or more years of experience in security, compliance, or risk management.

Responsibilities

• Assist in periodic re-validation of our Top Risks and drive improvements for risk reduction
• Assist with the implementation and operation of Governance Risk and Compliance (GRC) tooling to further improve and automate our GRC processes and policies
• Maintain oversight in a GRC-related platform
• Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks
• Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation
• Maintain strong oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities. Escalating to security management and business unit leads when points of weakness are discovered
• Analyze findings, and document, recommend and report program gaps to security leadership
• Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices, and procedures
• Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership
• Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes. Maintain rigorous oversight of security systems and security configuration administration to reduce risk to enterprise systems and accounts
• Function as a key participant in incident response to track occurrence and resolution, with strict documentation and reporting
• Help support various parts of the company to adopt a common risk and control framework
• Assist with all ongoing compliance activities related to the implementation, maintenance, monitoring, and continuous improvement of the Information Security Management System (ISMS)
• Evaluate the effectiveness of information security controls and performance by developing, monitoring, gathering, and analyzing information security and compliance metrics for management
• Advise and collaborate with SMEs, including Audit & Compliance teams, to ensure adequate security controls are in place to manage risk and are aligned with leading best practices
• Perform security policy and standard gap analysis, propose and draft documents and changes