We are looking for a GRC (Governance, Risk, and Compliance) Analyst with experience in PCI DSS and SOC 2 audits to join our team. The ideal candidate will have 2-3 years of experience in the field, with a strong understanding of regulatory requirements and best practices in information security.
Responsibilities:
Conduct assessments and audits to evaluate compliance with PCI DSS and SOC 2 standards.
Develop and maintain policies, procedures, and controls to ensure adherence to regulatory requirements and industry best practices.
Collaborate with internal teams to identify and mitigate risks related to information security and data privacy.
Provide guidance and support to business units on security-related matters, including risk assessments, control implementation, and remediation activities.
Participate in the development and implementation of security awareness training programs for employees.
Stay abreast of emerging threats, vulnerabilities, and regulatory changes affecting the organization’s security posture.
Requirements:
Bachelor’s degree in Computer Science, Information Security, or a related field.
2-3 years of experience in governance, risk management, and compliance, with a focus on PCI DSS and SOC 2.
Familiarity with regulatory frameworks such as HIPAA, GDPR, and NIST Cybersecurity Framework.
Professional certifications such as CISSP, CISA, or CISM are highly desirable.
Experience working with Qualified Security Assessors (QSAs) is a plus.
Strong analytical and problem-solving skills, with the ability to assess complex security issues and recommend effective solutions.
Excellent communication skills, with the ability to effectively communicate technical concepts to non-technical stakeholders.
Ability to work independently and collaboratively in a fast-paced, dynamic environment.