Senior Information Security GRC Analyst

November 19

WEX

Fleet payments • Healthcare payments • Travel payments • Virtual payments • Corporate payment solutions

5001 - 10000 employees

Founded 1983

🚗 Transport

💸 Finance

💳 Fintech

💰 $310M Post-IPO Debt on 2020-06

Description

• WEX is seeking an experienced Information Security Governance, Risk, and Compliance (GRC) Analyst to join our dynamic security team.
• Responsible for developing, implementing, and managing our organization’s security governance framework, assessing and mitigating risks, and ensuring compliance with applicable regulations and standards.
• Lead complex projects, provide strategic insights on security-related tasks, and give guidance to other teams across the enterprise.
• Develop, implement, and maintain security policies, standards, and guidelines in alignment with regulatory and industry requirements.
• Assist in efforts to assess and enhance the organization’s information security governance framework, ensuring consistent application across all business units.
• Provide guidance and support to business units in implementing and adhering to security policies, standards, and procedures.
• Monitor and report findings and metrics on the effectiveness of security governance initiatives to senior management.
• Conduct risk assessments, including identifying, analyzing, and prioritizing risks, to determine the potential impact on the organization.
• Collaborate with business units to develop and implement risk mitigation strategies, ensuring that security controls are appropriate and effective.
• Continuously monitor and review the organization’s risk posture, adjusting strategies as needed to address emerging threats.
• Prepare and present risk assessment findings, metrics, and recommendations to stakeholders, including executive management.
• Ensure the organization’s compliance with relevant regulatory requirements, industry standards, and internal policies.
• Conduct regular audits and assessments to verify adherence to security controls and compliance requirements.
• Serve as a subject matter expert on security compliance, providing advice and guidance to teams across the organization.
• Participate in incident response activities, including investigation, containment, and recovery.
• Conduct root cause analysis of security incidents.
• Manage and oversee third-party audits, including coordination of responses to audit findings and ensuring remediation of any identified issues.
• Prepare and submit compliance reports to regulatory bodies as required.
• Assess and manage the security posture of third-party vendors and service providers.
• Ensure that third-party contracts include appropriate security requirements.
• Prepare and develop corrective action plans.
• Prepare and deliver reports on metrics, compliance status, and risk management activities to executive leadership and other stakeholders.
• Develop and deliver security awareness and training programs to educate employees on security policies, procedures, and best practices.
• Promote a culture of security awareness throughout the organization, encouraging proactive risk management and compliance.

Requirements

• Bachelor’s degree in Information Security, Computer Science, or a related field
• Experience in information security in a Governance, Risk, and Compliance (GRC) role
• In-depth knowledge of information security frameworks, standards, and regulations
• Proven experience in risk management and compliance activities
• Experience with industry regulatory compliance frameworks (e.g. PCI-DSS, HITRUST, SOX/SOC, NIST, FedRAMP, FISMA, etc.)
• Demonstrated ability to take initiative and accountability for achieving results
• Understanding of cloud-based infrastructure components with specific understanding of the security risks presented in a decentralized and hybrid environment
• Experience with security audit processes and responding to regulatory inquiries
• Experience with security industry tools and best practices
• Strong analytical, problem-solving, and decision-making skills
• Excellent communication and interpersonal skills with the ability to effectively convey technical information to non-technical stakeholders
• Ability to work independently and as part of a team in a fast-paced, dynamic environment
• Strong project management skills with the ability to manage multiple priorities simultaneously
• Experience with gathering metrics and creating dashboards to be presented to executive management
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)
• CompTIA’s Security+ (Security+)

Benefits

• Offering comprehensive and market competitive benefits
• Designed to support your personal and professional well-being
