Sr. GRC Analyst

Pleasanton, CA, United States

About Blackhawk Network

Today, through BHN’s single global platform, businesses of all kinds can tap into the world’s largest network of branded payment solutions. BHN helps businesses grow revenue, increase loyalty, motivate and reward their teams, disburse funds and engage consumers. Branded payment solutions include the issuance and distribution of gift cards, egifts, corporate payouts and rewards, along with the technology to deliver these products in seamless, integrated ways. BHN’s network spans the globe with more than 400,000 consumer touchpoints. Learn more at BHN.com.

 

This position may be performed remotely anywhere within the United States except for the states of Colorado, Alaska, North Dakota, or South Dakota. Employees located within 50 miles of a BHN office will be considered "Hybrid" employees and are required to come into the office 2 days per week based on office schedule.

Overview

As the Sr. GRC Analyst, you excel at managing competing priorities and have ample experience collaborating with stakeholders, developing communication plans, and overseeing all aspects of program management. You are committed to delivering precise, high-quality outputs that meet non-negotiable, compliance-driven deadlines. You are a leader for the team and influence outcomes across organizational departments. You are adept at testing and monitoring technical controls and solutions to satisfy customer and regulator expectations. You defend your ideas with confidence, backed by data and reporting, and address critical issues promptly through effective escalation management.

Responsibilities

  • Build trusted partnerships and collaborate with auditors, internal and external customers, and control owners, and mentor other analysts.
  • Learn the numerous BHN product platforms and develop a broad domain and technical understanding of the security activities and control implementations.
  • Articulate compliance implications to auditors, internal and external customers, and control owners.
  • Translate compliance regulations or standards into control implementation for team, processes, various technical stacks, or hosting environments.
  • Lead and execute entire external and internal audit programs independently.
  • Design, develop, implement, and manage control testing and monitoring programs.
  • Design and implement improvements to the teams’ programs, processes, and procedures.
  • Perform security reviews for new architectural initiatives, exception requests, or risk management evaluations. Identify findings, and lead remediation efforts.
  • Monitor, evaluate, and continuously improve the team by being a trusted adviser, facilitator, and creative problem solver.
  • Design, develop, implement and manage best practices for assessing and evaluating IT & security controls for the organization, third-party businesses, and provide M&A support. 
  • Participate in regular team operations support activities.
  • Continuously stay informed of the global compliance landscape and the applicability to the business objectives.
  • Continuously stay informed of emerging security threats and the applicability to the company and GRC programs.

Qualifications

Competencies

  • Excellent written and verbal communication skills.
  • Highly skilled in project or program management.
  • Agility and experience with adapting to significant shifts in projects, roles, or workload.
  • Highly experienced in managing multiple competing priorities in a fast-paced environment, with a proven ability to address critical issues promptly.
  • Strong analytical and critical thinking skills with the ability to use data to back up assumptions and recommendations and to drive actions.
  • Ability to effectively give and receive feedback and translate actionable feedback into results.
  • Skilled at independently initiating and navigating complex, highly unstructured problems to achieve successful outcomes.
  • Strong collaboration skills and a proven track record of building trust with diverse functional groups across the organization or outside of the organization.
  • Experience independently driving large programs, mentoring peers, and fostering a positive team environment.

Technical

  • Experience auditing cloud environments.
  • Comprehensive audit experience evaluating technical information security, privacy, availability, confidentiality, integrity, or other information technology controls.
  • Experience implementing an overall compliance program for security standards and best practices such as PCI DSS, ISO 27001, HIPAA/HITECH, GDPR, NIST, OWASP, SSAE-18 SOC1, SOC2 TSC, or SOX ICFR/ITGC. 
  • Experience writing data queries and/or simple scripts, implementing technical controls, or other related skills learned from IT related jobs.
  • Experience with the risk management lifecycle when performing assessments and remediation of findings.
  • Practical & technical understanding of network, system, application, SDLC, cybersecurity, and cloud security systems. 
  • Experience in implementing or working with projects focused on the technical automation and scalability of compliance, audit, risk, or other GRC processes and functions.

Education/Experience

  • Bachelor’s degree in Business, Information Systems, Computer Science, or equivalent work experience.
  • 5+ years of experience auditing information security frameworks while assessing cloud system architecture, software development, or IT operations and compliance.
  • Desired security certification in CISA, CRISC, CISM, PCI-ISA, ISO 27001 Lead Auditor or other relevant certifications.
  • Desired professional services experience leading audit engagements in consulting/security advisory.

Benefits

Salary Range for all U.S. Residents (excluding Alaska, California, North Dakota, South Dakota): $81,660.00 to $110,250.00

Salary Range for California Residents Only: $101,660.00 to $137,250.00

 

Pay is based on several factors including but not limited to education, work experience, certifications, etc. In addition to your salary, Blackhawk Network offers benefits including 401k with employer match, medical, dental, vision, 12 paid holidays in the year 2024, sick pay accrual according to state law, parental leave, life insurance, disability insurance, accident and illness insurance, health and dependent care flexible spending accounts, wellness benefits, and flexible time off for all full-time employees. 

 

 

EEO Statement

Blackhawk Network provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.  Blackhawk Network believes that diversity leads to strength. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

 

Blackhawk Network encourages applicants with previous criminal records to apply to all positions and, pursuant to the San Francisco and Los Angeles Fair Chance Acts (and other “Fair Chance” laws), Blackhawk Network will consider for employment qualified applicants with arrest and conviction records.  For Philadelphia applicants or jobs, please see a copy of Philadelphia’s ordinance on this topic by clicking this link: https://codelibrary.amlegal.com/codes/philadelphia/latest/philadelphia_pa/0-0-0-280104. 


Tags: Audits Automation CISA CISM Cloud Compliance Computer Science CRISC GDPR HIPAA ISO 27001 Monitoring NIST OWASP PCI DSS Privacy Risk management SDLC SOC 1 SOC 2 SOX

Perks/benefits: 401(k) matching Career development Flex hours Flex vacation Health care Insurance Medical leave Parental leave Team events Wellness

Region: North America
Country: United States
