Groupon

Cybersecurity Analyst, Tech Compliance

Groupon

full-time

Posted on:

Location Type: Remote

Location: Remote • New York • 🇺🇸 United States

Visit company website
AI Apply
Apply

Salary

💰 $110,000 - $120,000 per year

Job Level

Mid-LevelSenior

Tech Stack

AWSCloudCyber SecurityGoogle Cloud Platform

About the role

  • Lead the Cybersecurity Policy Program by overseeing the policy portfolio, ensuring all documents remain current and effective, and proactively identifying opportunities to enhance or expand policy coverage.
  • Lead the cybersecurity team's role as risk reviewers within the third-party risk assessment (TPRA) process, which involves reviewing submissions, supervising evaluations, providing contract input, and partnering with Sourcing to strengthen the overall third-party risk management (TPRM) strategy.
  • Support continuous compliance with PCI DSS to help ensure secure credit card transactions. This involves coordinating with internal teams, staying informed of evolving standards, monitoring credit card usage across the organization, and monitoring/processing scans and output from various security tools.
  • Support periodic user access recertification for critical systems and applications. Collaborate with system owners and managers to facilitate timely reviews, track and address inappropriate access, and help iterate on and improve the overall process.
  • Act as a subject matter expert (SME) on compliance and assurance activities, including supporting internal and external audits (e.g., SOX, Privacy). Also, respond to client and vendor security inquiries and assist in implementing new regulatory or compliance requirements.
  • Demonstrate support and understanding of our value of journalistic independence and a strong commitment to our mission to seek the truth and help people understand the world.
  • This role reports to the Executive Director, Cybersecurity.

Requirements

  • 3+ years of experience in a Technology Risk, Cybersecurity, IT Audit, or Compliance role
  • Demonstrated project management skills. Experience managing processes end-to-end, such as an audit cycle or a recertification campaign, keeping multiple stakeholders on task and meeting deadlines
  • Experience with third-party risk assessment (TPRA) processes and tools
  • Direct experience in policy writing and life-cycle management
  • Relevant professional certification (e.g., CISA, CISSP, CISM, CRISC, or PCIP)
  • Familiarity with compliance in cloud environments (e.g., AWS, GCP)
  • Experience with scripting languages, regular expressions, and APIs to automate data collection or integrate compliance tools, driving efficiency in audit or recertification processes.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
cybersecurity policy managementthird-party risk assessmentcompliance monitoringuser access recertificationpolicy writingscripting languagesregular expressionsAPIsaudit processesdata collection automation
Soft skills
project managementstakeholder managementcollaborationcommunicationproblem-solvingattention to detailorganizational skillsadaptabilitycritical thinkingleadership
Certifications
CISACISSPCISMCRISCPCIP