Cyber GRC Analyst

Remote, United States

Marigold

Marigold helps brands acquire customers through multiple channels, engage existing customers with curated offers, and turn customers into superfans.

The Company:

Marigold helps brands foster customer relationships through the science and art of connection. Marigold Relationship Marketing is a suite of world-class martech solutions that help marketers create long term customer love and loyalty. Marigold provides the most comprehensive set of use cases for marketers at any level. Headquartered in Nashville, Tennessee, Marigold has offices globally across the United States, Europe, Australia, New Zealand, South America and Central America, as well as in Japan.
 

The Role:
 

The Cyber GRC Analyst will support the cybersecurity governance, risk management, and compliance program globally. This role requires a general understanding of cybersecurity principles, various regulatory requirements, and industry-accepted practices to ensure our assets are well secured and the integrity of our operations is maintained at all times. Knowing that we are able to protect data is a key concern of our customers and prospects, and is often a critical factor in their decision to use our services. This role will play a significant part in helping Marigold provide these reassurances and continue growing the business. In this role, you will gain an understanding of the various security controls we operate across the enterprise and product lines. You will work closely with a globally diverse team, including product and engineering, network, infrastructure, legal, and sales, amongst others.

What You’ll Do:

  • Support the development and implementation of cyber governance, risk, and compliance frameworks tailored to the unique needs of our products and services.

  • Participate in risk assessments to identify potential threats, vulnerabilities, and gaps in our security posture.

  • Collaborate with internal stakeholders to establish and enforce security policies, standards, and procedures.

  • Support and participate in compliance efforts to ensure adherence to industry regulations, standards, and best practices (e.g., ISO 27001, SOC, PCI-DSS, HITRUST, NIST, and other recognized frameworks and controls).

  • Manage third-party risk assessments and vendor security evaluations to mitigate supply chain vulnerabilities.

  • Support the execution of the information security awareness training programs to foster a culture of cybersecurity awareness among employees.

  • Coordinate and support internal and external audits, respond to findings, and implement corrective actions as necessary.

  • Stay abreast of emerging cybersecurity threats, regulatory developments, and industry trends to proactively address potential risks.

  • Provide regular reports and updates to senior management on the effectiveness of cyber GRC controls and the overall security posture.

  • Coordinate with various teams to respond to customer security assessments, questionnaires, requests for information, requests for proposals, cybersecurity addendums, and data protection agreements.

  • Assist with customer audit requests and participate in occasional customer meetings.

  • Update and help maintain information knowledge bases and repositories.

Ideal Qualifications:

  • Excellent time management and organizational skills, with a strong ability to prioritize tasks according to business needs.

  • A self-starter who demonstrates initiative and has a proven ability to work independently and collaborate effectively across all organizational levels.

  • Analytical mindset with the ability to assess risks, prioritize tasks, and make data-driven decisions.

  • Ability to quickly develop a comprehensive understanding of Marigold security controls and communicate them clearly.

  • Strong problem-solving skills and initiative.

  • A good understanding of information security concepts along with a broad, basic understanding of IT systems and technology.  

  • Strong customer service skills and ability to effectively manage pressure situations and urgent requests.

  • Ability to interpret and understand cybersecurity principles, frameworks (e.g., ISO 27001, SOC, PCI-DSS, HITRUST, etc.) and regulatory requirements.

  • Experience with software development lifecycle and cloud security practices is a plus.

  • Working knowledge of the Google office suite of applications, Salesforce, Slack, Jira, Confluence, Loopio, and Safebase is a plus.

What We Offer: 

  • The table-stakes benefits you’d expect, including medical/dental/vision, life, and disability insurance.

  • Generous time off (we call it Open Time Away) as well as paid holidays and a birthday benefit day off.

  • 401k plan with a company match on your contributions.

  • Employee-centric and supportive remote work environment with flexibility.

  • Support for life events including paid parental leave.

Tags: Audits Cloud Compliance Confluence Governance HITRUST ISO 27001 Jira NIST Risk assessment Risk management SDLC Security assessment SOC Vulnerabilities

Perks/benefits: 401(k) matching Flex vacation Health care Medical leave Parental leave Team events

Regions: Remote/Anywhere North America
Country: United States
