GRC Analyst - Third Party

Toronto, Canada; Vancouver, Canada

Marqeta

Transform your business with Marqeta's modern card issuing platform. Our open API platform allows businesses to instantly issue cards and process payments.


As Marqeta’s GRC Analyst - Third Party, you will support the implementation of a modern Third Party Risk Management program. This role will work with the TPRM team within the Office of Cybersecurity to build third party risk management governance and audit frameworks that meet key security standards and regulatory requirements, including PCI DSS, ISO 27001, GDPR, and SSAE-18. The GRC Analyst will collaborate with cross-functional teams and external parties to assess security controls in third-party environments, perform ongoing monitoring audits, drive remediation of risks, and articulate identified risks to key stakeholders. This position will have an opportunity to innovate and drive adoption of risk management and vendor management solutions. 

The Impact You’ll Have

  • Support enhancement and implementation of policies, procedures and program governance to ensure effective security risk management of third parties in accordance with industry and regulatory requirements
  • Perform security risk assessments of third parties (i.e., vendors and customers) to identify, validate and remediate risks
  • Perform audits of high risk vendors and collaborate with business owners and vendors to mitigate risks
  • Perform due diligence reviews on prospective customers to ensure compliance with our internal and regulatory requirements
  • Communicate risks in a meaningful manner with internal stakeholders
  • Report risk metrics in a timely manner
  • Categorize third parties using a risk-based tiering framework
  • Increase efficiency throughout the third party risk management process with automation and innovation
  • Develop standardized reporting to enable continuous monitoring against program goals

Who You Are

  • Minimum 2-3 years industry experience in Information Security, Third Party Risk Management, IT Risk Management, IT Audit or Compliance
  • Experience assessing compliance with technical regulations and standards (e.g. PCI DSS, ISO 27001, SOC2, SOX, NIST, etc.)
  • Experience working with global privacy and data protection regulations is a plus (e.g. GDPR, CCPA)
  • A strong bias toward action and able to operate effectively in a dynamic, fast-paced environment
  • Ability to manage time effectively and adhere to SLAs
  • Excellent verbal and written communication skills including the ability to simplify key security messages and translate technical matters to non-technical audiences
  • Positive attitude, team player, adaptable, resourceful, and self-starter who is able to work independently
  • Willingness to challenge the status quo and drive continuous improvement through change
  • Ability to travel to some onsite audits as needed

Nice-To-Haves

  • Master's or Bachelor's degree in Computer Science, Information Security, Information Technology or equivalent experience
  • Experience with Security / GRC tooling such as OneTrust, Salesforce, JIRA, etc. is a plus
  • CISSP, CISM, CISA, CIPP preferred

Your Manager

  • Rosalyn Hua

Recruiter For This Role

  • Agata Wojciechowska

Typical Process

  • Application Submission
  • Recruiter phone call
  • Hiring manager video call
  • Virtual “Onsite” consisting of 4-5, 45 min calls
  • Offer!

Compensation and Benefits

Marqeta is a Flex First company which allows you to choose your best working environment, whether that be from home or at a company office. To support Flex First, we calibrate pay to a competitive value according to working location. 

When determining salaries, we consider several factors including, but not limited to, skills, prior experience, and work location. The new-hire base salary range for this position, reflected in CAD, is: 62,800-78,500.

We also believe in recognizing the contributions of our people. That's why we award annual bonuses to eligible employees, rewarding both individual performance and the success of the entire company.

Along with monetary compensation, Marqeta offers

  • Multiple health insurance options
  • Flexible time off – take what you need
  • Retirement savings program with company contribution
  • Equity in a publicly-traded company 
  • Monthly stipend to support our remote work model
  • Annual “development dollars” to support our people growth and development
  • Family-forming benefits and up to 20 weeks of Parental Leave

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰


Tags: Audits Automation CCPA CIPP CISA CISM CISSP Compliance Computer Science GDPR Governance ISO 27001 Jira Monitoring NIST PCI DSS Privacy Risk assessment Risk management SLAs SOC 2 SOX Travel Vendor management

Perks/benefits: Competitive pay Equity / stock options Flex hours Flex vacation Health care Home office stipend Parental leave Startup environment

Region: North America
Country: Canada
