GRC Analyst

At Bazaarvoice, we create smart shopping experiences. Through our expansive global network, product-passionate community & enterprise technology, we connect thousands of brands and retailers with billions of consumers. Our solutions enable brands to connect with consumers and collect valuable user-generated content, at an unprecedented scale. This content achieves global reach by leveraging our extensive and ever-expanding retail, social & search syndication network. And we make it easy for brands & retailers to gain valuable business insights from real-time consumer feedback with intuitive tools and dashboards. The result is smarter shopping: loyal customers, increased sales, and improved products. The problem we are trying to solve : Brands and retailers struggle to make real connections with consumers. It's a challenge to deliver trustworthy and inspiring content in the moments that matter most during the discovery and purchase cycle. The result? Time and money spent on content that doesn't attract new consumers, convert them, or earn their long-term loyalty. Our brand promise : closing the gap between brands and consumers. Founded in 2005, Bazaarvoice is headquartered in Austin, Texas with offices in North America, Europe, Asia and Australia.  It’s official: Bazaarvoice is a Great Place to Work in the US , Australia, India, Lithuania, France, Germany and the UK!
As a GRC Analyst on the Bazaarvoice Information Security and Privacy team, you will play a key role in ensuring that our compliance, privacy, and risk management programs are operating efficiently and effectively.

You will engage with a diverse group of stakeholders from across the organization to evaluate, execute and improve existing processes or expand into additional areas of audit and governance. This role requires strong communications and critical thinking skills, attention to detail, eagerness to learn, and a strong desire to help.

What you will be doing:

• Compliance- Interact with stakeholders as follows:
• Interview them to learn how their processes work.
• Request supporting evidence for processes
• Analyze information from interactions with stakeholders to determine the following:
• If internally-defined controls align with ISO 27001 requirements.
• If internally-defined controls are operating effectively
• Document the interview process, outcome, and related evidence.
• Communicate detected non-conformities, opportunities for improvement, and recommended corrective actions to stakeholders.
• Track progress for corrective actions.
• Calculate and provide program metrics (number of controls tested; test results; and corrective action status) to senior leadership.
• Risk Management
• Help manage the connection between internal audit and risk management:
• Collate non-conformity reports and analyze how non-conformities impact the risk rank of the domain they are included in.
• Calculate and communicate calculated risk rank based on the analysis performed.
• Update risk rank when internal audit corrective actions are completed and result in non-conformities being resolved.
• In addition to helping manage the connection between internal audit and risk management, help perform risk analysis for new systems, software, and/or identified vulnerabilities
• Develop and document risk treatment recommendations.
• Communicate risk treatment recommendations to stakeholders.
• Track risk treatment progress and collate metrics.
• Communicate risk treatment metrics to senior leadership.
• Governance
• Organize documentation reviews, taking ownership of communicating review requests to appropriate stakeholders and tracking their review progress.
• Collate review feedback and apply it to related documentation.
• Prepare documentation for final publishing.
• Work with appropriate business units to help communicate policy updates to Bazaarvoice team members.
• Work with stakeholders to support them in developing ISMS documentation they own
• Provide guidance to stakeholders regarding documentation they must develop in support of ISMS policies (standards, processes, plans).
• Track the completion status of stakeholder’s documentation.
• Help stakeholders finalize and publish their documentation.
• Ensure stakeholder documentation is represented in ISMS documentation set.

Why join Bazaarvoice? Customer is keyWe see our own success through our customers’ outcomes.  We approach every situation with a customer first mindset. Transparency & Integrity Builds TrustWe believe in the power of authentic feedback because it’s in our DNA. We do the right thing when faced with hard choices. Transparency and trust accelerate our collective performance. Passionate Pursuit of PerformanceOur energy is contagious, because we hire for passion, drive & curiosity. We love what we do, and because we’re laser focused on our mission. Innovation over ImitationWe seek to innovate as we are not content with the status quo. We embrace agility and experimentation as an advantage. Stronger TogetherWe bring our whole selves to the mission and find value in diverse perspectives. We champion what’s best for Bazaarvoice before individuals or teams.  As a stronger company we build a stronger community. Commitment to diversity and inclusion Bazaarvoice provides equal employment opportunities (EEO) to all team members and applicants according to their experience, talent, and qualifications for the job without regard to race, color, national origin, religion, age, disability, sex (including pregnancy, gender stereotyping, and marital status), sexual orientation, gender identity, genetic information, military/veteran status, or any other category protected by federal, state, or local law in every location in which the company has facilities. Bazaarvoice believes that diversity and an inclusive company culture are key drivers of creativity, innovation and performance. Furthermore, a diverse workforce and the maintenance of an atmosphere that welcomes versatile perspectives will enhance our ability to fulfill our vision of creating the world’s smartest network of consumers, brands, and retailers.
Please note: Candidates who are successful will be required to undergo a Basic level DBS (Disclosure and Barring Service) background check.