Security Analyst

Summary/Objective

The Information Security GRC Analyst, will report to the Director, IT Compliance.  This role will interact with multiple departments, manage compliance readiness, provide support for our central GRC repository, and conduct risk/gap assessments based on industry leading frameworks including remediation recommendations, tracking and associated metrics. 

Essential Functions

• Support audit and compliance activities by gathering evidence, conducting preliminary assessments, and assisting in the remediation of audit findings.
• Maintain and monitor a central repository of audit evidence
• Conduct gap analysis on various industry standard compliance and regulatory requirements
• Track, update, and draft clear, concise policies, standards and procedures
• Maintain an up-to-date risk register and track remediation status
• Collaborate with various departments on GRC related objectives
• Track and ensure compliance with IT and security controls covering a wide range of regulations
• Follow up with team members driving progress on tracked issues
• Develop and contribute to metrics and KPIs for CISO and executive management review
• Review, update, and test governance plans such as the BCP, IRP and DR plans
• Assist in the Development and delivery of security awareness and training programs to educate employees on security policies, procedures, and best practices

Work Environment

This job operates in a professional office environment. This role routinely uses standard office equipment such as laptop computers, photocopiers and smartphones.

Physical Demands

While performing the duties of this job, the employee is regularly required to talk or hear. This would require the ability to lift files, open filing cabinets and bend or stand on a stool as necessary.

Position Type/Expected Hours of Work

This is a full-time position. Days and hours of work are Monday through Friday, during normal business hours. Occasional evening and weekend work may be required as job duties demand.

Travel

Little to no travel is expected for this position.

Education and Experience

• A bachelor's degree and 2 years of regulatory compliance or similar experience in payments or consumer finance, or similar combination of education and experience are preferred.
• Working knowledge in risk management, audits (SOC 1, SOC 2, PCI DSS) and information security best practices.
• Basic understanding of regulatory compliance and information security frameworks such as GDPR, CCPA, NIST, CIS Controls, etc.
• Experience in dealing with internal / external resources across a variety of departments and office hierarchies
• Self-driven and high attention to detail
• Fantastic written and verbal communication skills
• Ability to operate in and maintain a fast pace and cadence
• Authorized to work lawfully in the United States of America

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

EEO Statement

Paymentus is an equal opportunity employer. We enthusiastically accept our responsibility to make employment decisions without regard to race, religious creed, color, age, sex, sexual orientation, national origin, ancestry, citizenship status, religion, marital status, disability, military service or veteran status, genetic information, medical condition including medical characteristics, or any other classification protected by applicable federal, state, and local laws and ordinances. Our management is dedicated to ensuring the fulfillment of this policy with respect to hiring, placement, promotion, transfer, demotion, layoff, termination, recruitment advertising, pay, and other forms of compensation, training, and general treatment during employment.

Reasonable Accommodation

Paymentus recognizes and supports its obligation to endeavor to accommodate job applicants and employees with known physical or mental disabilities who are able to perform the essential functions of the position, with or without reasonable accommodation. Paymentus will endeavor to provide reasonable accommodations to otherwise qualified job applicants and employees with known physical or mental disabilities, unless doing so would impose an undue hardship on the Company or pose a direct threat of substantial harm to the employee or others.

An applicant or employee who believes he or she needs a reasonable accommodation of a disability should discuss the need for possible accommodation with the Human Resources Department, or his or her direct supervisor.