Remote Senior Governance Risk and Compliance Analyst

Summary

Join the TrueCar Crew as a Senior Governance, Risk, and Compliance Analyst to improve the overall security and compliance posture of the organization. As a key member of the Security & Compliance team, you will collaborate with internal and external auditors, evaluate and test security solutions, and work closely with business and technology stakeholders to identify and implement processes to address areas of key risks.

Requirements

• Proven experience in a related role
• Knowledge and experience with cybersecurity frameworks (NIST CSF/CIS), SOC 2, internal control frameworks (COSO/COBIT), Security System Development Life Cycle and risk methodologies
• Ability to effectively build strong productive cross-functional relationships with stakeholders regarding security practices and compliance obligations
• Operational SOX experience for ITGCs & ITACs
• Knowledge of US privacy requirements
• Excellent analytical and problem-solving skills
• Outstanding listening and communication skills to enhance security posture
• Strong documentation skills, attention to detail, and demonstrated integrity and professionalism

Responsibilities

• Collaborate with internal and external auditors and exam teams over internal controls, risks, documentation, and testing engagements while supporting stakeholders
• Evaluate, test, and document security solutions and controls, and work closely with other security team members to remediate risk while ensuring the business can innovate
• Work closely with business and technology stakeholders to identify, document, and implement processes to address areas of key risks
• Participate and assist with the implementation of new systems and processes to ensure continued business process improvement, operational efficiency, and industry compliance
• Support Sarbanes-Oxley (SOX) testing including coordinating with functional management personnel, internal stakeholders, and outside consultants
• Support Service Organization Control (SOC 2, Type 2) program through evidence gathering, testing, and coordination with auditors and stakeholders
• Understand how privacy regulations and data governance models affect IT processes and compliance obligations
• Monitor evolving SOX, accounting guidance, and compliance requirements; identify relevant requirements, provide remediation plans, if necessary, and implement procedures to ensure the processes around the new requirements are in compliance
• Work with IT stakeholders on the implementation of new systems and software solutions
• Conduct Third Party Risk Assessments before onboarding and annual reviews for critical vendors to address risks and comply with Third Party Risk Management (TPRM) best practices
• Help to develop risk assessment framework to identify, analyze and track cybersecurity risk exposures and remediation plans
• Develop and maintain IT policies, standards, and procedures including IT standard operating procedures, disaster recovery plan, and business continuity plan
• Help support the Findings Program by clearly articulating audit finding remediation deadlines to control owners, document remediation plans and

Preferred Qualifications

• Experience working in the technology industry preferred
• CISA certification preferred

Benefits

• 100% employer-paid health/vision/dental premium
• 401k with company contribution
• Equity
• Wellness stipend program
• Learning & development reimbursement program
• Flexible PTO policy for exempt TrueCar Crew
• Generous PTO accrual policy for non-exempt TrueCar Crew
• 14 company-paid holidays and 2 floating holidays