GRC Risk & Security Analyst
Job Summary
About Us:
DailyPay is transforming the way people get paid. As a worktech company and the industry's leading on-demand pay solution, DailyPay uses an award-winning technology platform to help America's top employers build stronger relationships with their employees. This voluntary employee benefit enables workers everywhere to feel more motivated to work harder and stay longer on the job while supporting their financial well-being outside of the workplace.
DailyPay is headquartered in New York City with operations throughout the United States as well as in Belfast. For more information, visit DailyPay's Press Center.
The Role:
The GRC Security Analyst is responsible for assessing, analyzing, and mitigating risks associated with the organization's information security posture. This role will play a crucial part in ensuring compliance with regulatory requirements and protecting sensitive data, both internally and across the third-party ecosystem. This includes evaluating the security posture of vendors and partners that DailyPay relies on, as well as supporting customers and partners when they assess DailyPay as part of their own vendor due diligence processes.
The GRC Security Analyst will also be responsible for assessing, analyzing, and mitigating risks associated with access to information systems, as well as the third-party vendors and partners who interact with those systems. This role will play a crucial part in ensuring the organization's compliance with regulatory requirements, managing third-party risk exposure, and protecting sensitive data across the full scope of DailyPay's internal and external relationships.
If this opportunity excites you, we encourage you to apply, even if you do not meet all of the qualifications.
How You Will Make an Impact:
Risk Assessment
Analyze access privileges, segregation of duties, and other control mechanisms to identify potential risks
Conduct regular risk assessments to identify and evaluate potential threats and vulnerabilities
Analyze security controls, policies, and procedures to identify gaps and weaknesses
Develop risk matrices and prioritize risks based on likelihood and impact
Perform third-party vendor risk assessments to evaluate the security posture of new and existing vendors, ensuring they meet DailyPay's security and compliance standards
Third-Party Risk Management
Lead and support DailyPay's third-party risk assessment program, including initial onboarding assessments, periodic reviews, and offboarding of vendors
Evaluate vendor security questionnaires, SOC 2 reports, penetration test results, and other security documentation to assess risk exposure
Maintain the vendor risk register and track remediation of identified gaps or deficiencies
Serve as a point of contact for customers and partners conducting security assessments of DailyPay, responding to security questionnaires, RFPs, and due diligence requests in a timely and accurate manner
Collaborate cross-functionally with Legal, Procurement, and Engineering to ensure third-party contracts include appropriate security requirements and data protection clauses
Compliance Management
Ensure compliance with relevant regulatory and industry frameworks (e.g., SOC 2, ISO 27001, PCI DSS, SOX 404, GDPR, CCPA)
Develop and maintain compliance documentation and evidence
Policy Development and Enforcement
Assist in the development, implementation, and maintenance of information security policies, including building relevant procedures to meet policy objectives
Ensure adherence to established policies and procedures by conducting regular audits and reviews
Identify and address non-compliance issues
Access Review and Certification
Oversee periodic access reviews to ensure that individuals have appropriate access privileges based on their roles and responsibilities
Certify access reviews and recommend changes as needed
Security Controls
Assist in the development, implementation, and maintenance of security controls
Review and evaluate the effectiveness of existing controls
Identify and address control deficiencies
Identity and Access Management (IAM)
Collaborate with the IAM team to ensure effective management of user identities and access privileges
Assist in the implementation and maintenance of IAM systems and processes
Incident Response
Contribute to incident response plans and procedures related to information security incidents
Assist in the investigation and remediation of security incidents
What You Bring to The Team:
3 years of experience in a GRC or information security role
Experience with GRC and Third Party Risk Management tools
Experience in a regulated public company is preferred
Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience)
Certification in CISA or CISSP
Strong understanding of access governance principles, frameworks, and best practices
Knowledge of risk management frameworks (e.g., NIST RMF, FAIR)
Strong interpersonal and communication skills, with the ability to collaborate effectively across internal teams, engage with external vendors during risk assessments, and professionally represent DailyPay when responding to customer security inquiries and due diligence requests
What We Offer:
Competitive compensation
Opportunity for equity ownership
Private health insurance option
Employee Resource Groups
Fun company outings and events
Generous PTO Allowance
5% Pension contribution
High-performing cultures aren't built in silos; they thrive on partnership. At DailyPay, we Commit Together to an inclusive professional environment where multifaceted perspectives are our greatest competitive advantage. We recognize that our team members don't live single-issue lives, and we lean into the wide-ranging backgrounds and life stages that sharpen our collective decision-making.
In our high-trust environment, we empower you to Challenge Norms. We've created a space where it is safe to ask difficult questions, disrupt the status quo, and share bold perspectives without fear of professional fallout. We believe that by checking our own assumptions and staying curious about the experiences of others, we arrive at better, more innovative results.
We provide the space for you to do your best work through peer advocacy and transparent career development. If you are looking for a culture that values intellectual honesty, celebrates the unique lived experiences of its people, and thrives on collective success, you'll find it here.
If you require reasonable accommodation for any aspect of the recruitment process, please send a request to . All requests for accommodation will be addressed as confidentially as practicable.
DailyPay is an equal opportunity employer. All qualified applicants will receive consideration without regard to race, color, religion or creed, alienage or citizenship status, political affiliation, marital or partnership status, age, national origin, ancestry, physical or mental disability, medical condition, veteran status, gender, gender identity, pregnancy, childbirth (or related medical conditions), sex, sexual orientation, sexual and other reproductive health decisions, genetic disorder, genetic predisposition, carrier status, military status, familial status, or domestic violence victim status, and any other basis protected under federal, state, or local laws.
Required Experience:
IC
About Company
An on-demand pay platform that delivers early access to earned wages and works with all HR/HCM/payroll systems.