Security Privacy, Trust, and GRC Analyst II - Workrise
Austin, Texas, United States

Listing Description

As the leading workforce management solution for the skilled trades, Workrise makes it easier for skilled laborers to find work, and for companies to find in-demand workers. Workrise currently operates in wind, solar, construction, oil and gas, and defense industries. We’re growing, and we’d love to learn what you can add to our team!


Workrise is hiring an Analyst II, Security Privacy, Trust, and GRC, who will be responsible for assisting in the development and management of the data privacy, customer trust, and security governance, risk, and compliance functions. This role will initially support the development and maintenance of foundational elements of the functions and grow into the ownership of multiple compliance programs or functions. Our ideal candidate for this role has multiple years of experience in the privacy, trust, or GRC space, wants to learn and grow across all functions, and is eager to learn, analytical, and diligent.


Why join us?

Our Security Privacy, Trust, and GRC team at Workrise is helping to build a modern and scalable platform for the future of the skilled labor workforce. You will be building and then owning security functions within the security organization. You will have the opportunity to engage with stakeholders and control owners across the organization as you work to build out all of the necessary pieces of privacy, trust, and GRC. You will have the opportunity to provide real impact in moving the ball forward for privacy, trust, and GRC to allow Workrise to scale, grow, and win new business.


 


What you’ll be doing:



  • Assist in the development and management of the information security policies and standards in concert with stakeholders from across the organization

  • Assist in the development and operation of the cyber risk management program

  • Assist in the execution of cyber risk assessments for business processes, technology, and products

  • Track open risk items to ensure milestones are achieved and risk owners are supported

  • Support the development and management of security compliance programs for industry security frameworks (SOX ITGCs, AICPA TSC [SOC 2], ISO 27001, GDPR, CCPA, NIST CSF, etc.)

  • Collaborate with control owners and other stakeholders across the organization on GRC and other security initiatives

  • Assist in the maintenance of a common control framework and the implementation of GRC tooling

  • Perform security IT audits, including evidence lifecycle management, control walkthrough scheduling and execution, documentation of control gaps, and management of corrective action plans

  • Build relationships with other departments and a broad range of Workrise employees at various levels to accomplish program objectives and further Security goals

  • Respond to requests from external parties regarding the state of security at Workrise (questionnaires, evidence requests, etc.)

  • Assist in the development of the Customer Trust function

  • Facilitate external audits by customers and certification bodies through the management of the audit lifecycle

  • Assist in the response and notification process for the breach of sensitive and/or personal information


 


What you should have:



  • Bachelor’s degree in computer science, information systems management, cybersecurity, information assurance or related field or equivalent relevant experience

  • 2+ years of technical professional experience in IT audit, IT risk management, or security governance

  • Solid experience in assessing the effectiveness of information security controls (test of design, test of effectiveness, etc.)

  • Understanding and experience with cyber risk management and mitigation

  • Experience across most control domains (e.g., access management, change management, security operations)

  • Working knowledge of multiple industry-accepted information security frameworks (SOX ITGCs, AICPA TSC [SOC 2], ISO 27001, GDPR, CCPA, NIST CSF, etc.)

  • Experience with public cloud solution providers (AWS, Azure, and/or Google)

  • Exposure to and/or understanding of GRC tooling

  • Good written and verbal communication skills 

  • Strong work ethic, critical thinking, and attention to detail 


Nice to have but not required:



  • Possess multiple industry-accepted information security certifications (CISA, CISSP, CRISC, CCSK, CIPPP, etc.)

  • Experience in the oil and gas industry


 


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided
  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided


