GRC Security and Access Governance Analyst
New York, New York
Applications have closed
DailyPay
An on-demand pay platform that delivers early access to earned wages and works with all HR/HCM/payroll systems.About Us:
DailyPay, Inc. is transforming the way people get paid. As the industry’s leading on-demand pay solution, DailyPay uses an award-winning technology platform to help America’s top employers build stronger relationships with their employees. This voluntary employee benefit enables workers everywhere to feel more motivated to work harder and stay longer on the job, while supporting their financial well-being outside of the workplace.
DailyPay is headquartered in New York City, with operations throughout the United States as well as in Belfast. For more information, visit DailyPay's Press Center.
The Role:
The GRC Security Analyst is responsible for assessing, analyzing, and mitigating risks associated with the organization's information security posture. This role will play a crucial part in ensuring compliance with regulatory requirements and protecting sensitive data. The GRC Security Analyst will also be responsible for assessing, analyzing, and mitigating risks associated with access to information systems. This role will play a crucial part in ensuring the organization's compliance with regulatory requirements and protecting sensitive data.
If this opportunity excites you, we encourage you to apply even if you do not meet all of the qualifications.
How You Will Make an Impact:
- Risk Assessment
- Analyze access privileges, segregation of duties, and other control mechanisms to identify potential risks
- Conduct regular risk assessments to identify and evaluate potential threats and vulnerabilities
- Analyze security controls, policies, and procedures to identify gaps and weaknesses
- Develop risk matrices and prioritize risks based on likelihood and impact
- Compliance Management
- Ensure compliance with relevant regulatory and industry frameworks (e.g. SOC2, ISO 27001, PCI DSS, SOX 404, GDPR, CCPA)
- Develop and maintain compliance documentation and evidence
- Policy Development and Enforcement
- Assist in the development, implementation, and maintenance of information security policies including building relevant procedures to meet policy objectives
- Ensure adherence to established policies and procedures by conducting regular audits and reviews
- Identify and address non-compliance issues
- Access Review and Certification
- Oversee periodic access reviews to ensure that individuals have appropriate access privileges based on their roles and responsibilities
- Certify access reviews and recommend changes as needed
- Security Controls
- Assist in the development, implementation, and maintenance of security controls
- Review and evaluate the effectiveness of existing controls
- Identify and address control deficiencies
- Identity and Access Management (IAM)
- Collaborate with the IAM team to ensure effective management of user identities and access privileges
- Assist in the implementation and maintenance of IAM systems and processes
- Incident Response
- Contribute to incident response plans and procedures related to information security incidents
- Assist in the investigation and remediation of security incidents
What You Bring to The Team:
- 2+ years of experience in a GRC or information security role
- Experience with GRC and Identity & Access Management tools
- Experience in a regulated public company is preferredBachelor's degree in information security, computer science, or a related field
- Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience)
- Certification in CISA or CISSP
- Strong understanding of access governance principles, frameworks, and best practices
- Knowledge of risk management frameworks (e.g., NIST RMF, FAIR)
What We Offer:
- Exceptional health, vision, and dental care
- Opportunity for equity ownership
- Life and AD&D, short- and long-term disability
- Employee Assistance Program
- Employee Resource Groups
- Fun company outings and events
- Unlimited PTO
- 401K with company match
#BI-Remote #LI-Remote
Pay Transparency. DailyPay takes a market-based approach to compensation, which may vary depending on your location. United States locations are categorized into three tiers based on a cost of labor index for that geographic area. The salary ranges are listed by geographic tier. Additionally, this role may be eligible for variable incentive compensation and stock options. Where a candidate fits within the compensation range for a role is based on their demonstrated experience, qualifications, skills, and internal equity.
New York City$111,000—$144,000 USDRemote, Premium (California, Connecticut, Washington D.C., New Jersey, New York, Massachusetts, Washington)$102,000—$133,000 USDRemote, Standard$97,000—$126,000 USD
DailyPay is committed to fostering an inclusive, equitable culture of belonging, grounded in empathy and respect, which values openness to opinions, awareness of lived experiences, fair treatment and access for all. We strive to build and develop diverse teams to create an organization where innovation thrives, where the full potential of each person is engaged, and their views, beliefs and values are integrated into our ways of working.
We encourage people of all backgrounds to join us on our mission. If you require reasonable accommodation for any aspect of the recruitment process, please send a request to peopleops@dailypay.com. All requests for accommodation will be addressed as confidentially as practicable.
DailyPay is an equal opportunity employer. All qualified applicants will receive consideration without regard to race, color, religion or creed, alienage or citizenship status, political affiliation, marital or partnership status, age, national origin, ancestry, physical or mental disability, medical condition, veteran status, gender, gender identity, pregnancy, childbirth (or related medical conditions), sex, sexual orientation, sexual and other reproductive health decisions, genetic disorder, genetic predisposition, carrier status, military status, familial status, or domestic violence victim status and any other basis protected under federal, state, or local laws.
Tags: Audits Business Intelligence C CCPA CISA CISSP Compliance Computer Science GDPR Governance IAM Incident response ISO 27001 NIST PCI DSS Risk assessment Risk management RMF SOC 2 SOX Vulnerabilities
Perks/benefits: 401(k) matching Career development Equity / stock options Health care Team events Unlimited paid time off
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.