GRC Analyst

GRC Analyst

We are looking for an individual who is willing to innovate, build, and support governance, risk and compliance efforts in a modern tech environment. You will be responsible of supporting day-to-day service execution of Cimpress Security Services and serve as a consultant to multiple teams within Cimpress businesses. Responsibilities will include the administration and optimization of the security compliance program, security awareness training program, and vendor security due diligence tasks. In addition, you will assist with supporting internal and external assessments as well as contribute to improving the security posture of Cimpress businesses. This role serves as a subject matter expert on IT security topics and assists other team members where possible.

Responsibilities

• Supporting Cimpress Security services: security awareness training, phishing campaigns, vendor security due diligence, risk assessments, auditing and other security projects
• Participating in the creation, management and revision of policies, procedures to support security governance efforts
• Maintaining up-to-date knowledge of the IT Security industry including relevant security and privacy laws and regulations, emerging security threats, new security solutions, and improved security processes and applying that knowledge within the organization
• Supporting internal customers requests for support and services
•  

Qualifications

• Bachelor’s degree, preferably with an emphasis on Information Security or Information Technology, from a four-year college or university, or equivalent experience
• 1-3 years working in an IT, IT security, audit or compliance capacity, or equivalent combination of education and experience.
• Able to apply high level critical thinking skills to understand and solve complex problems
• Strong time management and organizational skills
• Excellent presentation and facilitation skills
• Technical writing
• Ability to display excellent customer service to meet the needs and expectations of both internal and external customers.

Bonus Skills/Knowledge/Experience

• Security certification such as CISA, CISM, CRISC, SANS GIAC, or CISSP preferred
• Experience contributing to the development and review of information security controls strongly preferred.
• Knowledge of PCI, GDPR, CCPA, SOC Audits, PII, SOX audits strongly preferred
• Knowledge of domestic and international privacy laws strongly preferred.
• Experience in using GRC tools preferred.