Associate Analyst, Information Security GRC

R4976

Location

Mumbai

Career Track

Finance

This role is eligible for our hybrid work model: Two days in-office.
 

Why is this job a big deal:

The position is responsible for coordinating Priceline’s risk and compliance projects, elevating our security posture. As a leading tech company, this role requires an understanding of our existing infrastructure, cybersecurity controls and risk profile, as well as a willingness to learn about emerging technologies.

The Security Risk & Compliance Associate will be part of a high-performing and diverse information security team at Priceline, a US subsidiary of the biggest online travel company in the world. He/she will be part of a growing GRC team that has multiple exciting challenges.

In this role you will get to: 

  • Coordinate end-to-end security GRC projects and initiatives to improve our security posture.

  • Maintain our different security controls frameworks, including NIST CSF maturity framework, PCI-DSS and NYDFS, enhancing the frameworks and controls based on recommendations from maturity and risk assessments.

  • Monitor control performance of information security controls across the business for timely and effective execution.

  • Coordinate information security training and awareness activities.

  • Execute third-party risk assessments and enhance our third-party risk assurance process and tooling.

  • Evaluate, maintain and enhance our current security GRC tools.

  • Maintain and improve our information security policy framework, in accordance with our regulatory and compliance requirements.

  • Ensure quality of our key security processes (vulnerability management, security incident reporting).

  • Track progress of reported issues and vulnerabilities, and support the creation of dashboards and metrics to facilitate this process.

  • Act as a security advocate, supporting business owners’ requests related to security (evaluate policy exception requests, complete third-party security questionnaires, etc.).

  • Maintain our cybersecurity risk register and enhance our cybersecurity risk appetite framework.

Who you are: 

  • Bachelor’s degree in Computer Engineering or Cybersecurity-related discipline

  • 3 years of experience working in an information security GRC function

  • BIG4 experience is a plus.

  • Experience coordinating an external PCI-DSS audit is a plus.

  • One or more of the following certifications: CISSP, CRISC, CCSP, CCSK, CISA

  • Knowledge of security control and compliance frameworks: NIST CSF, PCI-DSS, ISO 27001

  • Basic understanding of security engineering best practices, as well as cloud security controls and DevOps & CI/CD development environments.

  • Experience driving security GRC initiatives in a proactive and independent manner

  • Experience working with cross-functional teams in fast-paced environments.

  • Solid problem-solving skills and attention to detail.

  • Illustrated history of living the values necessary to Priceline: Customer, Innovation, Team, Accountability and Trust.

  • The Right Results, the Right Way is not just a motto at Priceline; it’s a way of life. Unquestionable integrity and ethics are essential.