
GRC Security and Access Governance Analyst
DailyPay
full-time
Location Type: Hybrid
Location: New York City • New York • United States
Salary
💰 $73,000 - $109,000 per year
About the role
- Conduct regular risk assessments to identify and evaluate potential threats and vulnerabilities
- Analyze security controls, policies, and procedures to identify gaps and weaknesses
- Develop risk matrices and prioritize risks based on likelihood and impact
- Design and maintain access governance frameworks, policies, and procedures to ensure appropriate and least-privilege access across all systems and platforms
- Oversee user provisioning, deprovisioning, and access modification processes to ensure timely and accurate execution
- Conduct and manage periodic user access reviews and certifications, ensuring individuals hold access privileges appropriate to their roles and responsibilities
- Identify and remediate segregation of duties (SoD) conflicts and other access control violations
- Partner with the IAM team to continuously improve access governance processes, tooling, and automation
- Assist in the implementation and maintenance of IAM systems (Okta, ConductorOne) and processes
- Certify access reviews and recommend changes as needed
- Ensure compliance with relevant regulatory and industry frameworks (e.g. SOC2, ISO 27001, PCI DSS, SOX 404, GDPR, CCPA)
- Develop and maintain compliance documentation and evidence
- Assist in the development, implementation, and maintenance of information security policies including building relevant procedures to meet policy objectives
- Ensure adherence to established policies and procedures by conducting regular audits and reviews
- Identify and address non-compliance issues
- Assist in the development, implementation, and maintenance of security controls
- Review and evaluate the effectiveness of existing controls
- Identify and address control deficiencies
- Contribute to incident response plans and procedures related to information security incidents
- Assist in the investigation and remediation of security incidents
Requirements
- 3+ years of experience in a GRC or information security role
- Experience with Identity & Access Management tools
- Experience working with business process owners
- Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience)
- Strong understanding of SOX access control principles and best practices
- Knowledge of risk management frameworks
- Experience in a regulated public company is preferred
- Demonstrated ability to manage medium-complexity projects
- Certification in CISA or CISSP preferred
- Strong interpersonal and communication skills, with the ability to collaborate effectively.
Benefits
- Exceptional health, vision, and dental care
- Opportunity for equity ownership
- Life and AD&D, short- and long-term disability
- Employee Assistance Program
- Employee Resource Groups
- Fun company outings and events
- Unlimited PTO
- 401K with company match
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
risk assessments, security controls analysis, risk matrices development, access governance frameworks, user provisioning, user access reviews, segregation of duties (SoD), incident response, security controls implementation, compliance documentation
Soft Skills
interpersonal skills, communication skills, collaboration, project management
Certifications
CISA, CISSP