JOB TITLE: Sr Security Analyst GRC (Compliance & Training)
LOCATION: Santiago DR
MODALITY: Remote
SCHEDULE: Mon - Fri 09:00 AM - 06:00 PM

GENERAL DESCRIPTION OR PURPOSE OF JOB: This role will collaborate across teams to collect and assess evidence to satisfy security requirements. The individual must be a motivated team player with a positive attitude and solid interpersonal skills, and someone who can quickly take ownership within their area. The individual must be hands-on, work under minimal supervision, and be able to work in a fast-paced environment.

RESPONSIBILITIES / ESSENTIAL FUNCTIONS:

Compliance Operations:
- Jostens Information Security Program: Help develop, review, and update information security policies and standards.
- Audit/Assessments: Facilitate audits and assessments of IT programs and individual components to determine compliance with Jostens policy and standards and published frameworks (e.g. SOX, ISO27000, PCI, etc.).
- Communicate and coordinate with internal and external stakeholders.
- Use Jostens GRC platform (ZenGRC) to automate GRC processes, collect evidence, manage risks, track compliance, and generate reports.
- Manage the GRC platform.

Security Awareness Training:
- Develop and deliver Jostens Security Awareness Training program to employees at all levels to foster a strong compliance and risk-aware culture.
- Create communications to effectively disseminate security information.
- Evaluate training on a yearly basis to adjust for current trends.
- Assist other units (e.g. Human Resources) with providing other required training across the enterprise.
- Manage the training platform (KnowBe4).

While the primary role is Compliance and Training, the candidate will be asked to cross-train and back up other GRC activities.

Additional Duties and Responsibilities:
- Risk Assessment: Assess risk and coordinate, document, and validate evidence to meet Jostens cybersecurity and risk requirements. Ensure appropriate treatment of risk.
- Audit/Assessments: Facilitate audits and assessments of IT programs and individual components to determine compliance with published standards (e.g. AICPA SOC2, etc.).
- Vendor Management: Assist in Third-Party Risk Management as needed.
- Metrics: Regularly report security metrics, proposing improvement as needed.
- Privacy: Coordinate with legal and IT teams on privacy requests.
- Incident Response: Ensure proper documentation and post-incident analysis.

Required:

Education:
- Bachelor's degree in Business or Accounting, Information Security, Information Management Systems, Cybersecurity, or other applicable area, or related work experience.

Experience:

Professional Skills:
- Excellent analytical and problem-solving skills
- Strong written and verbal communication skills
- Ability to collaborate with cross-functional teams and external partners.
- Attention to detail with experience prioritizing and managing multiple projects with competing priorities.
- Strong influencing, problem-solving, and decision-making skills.
- Certification applicable to a role in Information Security Governance, Risk, and Compliance (e.g. CISSP, CISA, CISM, CRISC, CRMA) is preferred.

Required Experience: Senior IC