Associate Analyst, Information Security GRC
This role is eligible for our hybrid work model: Two days in-office.
Why is this job a big deal:
The position is responsible for coordinating Priceline’s risk and compliance projects, elevating our security posture. As a leading tech company, this role requires an understanding of our existing infrastructure, cybersecurity controls and risk profile, as well as a willingness to learn about emerging technologies.
The Security Risk & Compliance Associate will be part of a high-performing and diverse information security team at Priceline, a US subsidiary of the biggest online travel company in the world. He/she will join a growing GRC team that faces multiple exciting challenges.
In this role you will get to:
- Coordinate end-to-end security GRC projects and initiatives to improve our security posture.
- Maintain our different security control frameworks, including the NIST CSF maturity framework, PCI-DSS and NYDFS, enhancing the frameworks and controls based on recommendations from maturity and risk assessments.
- Monitor the performance of information security controls across the business for timely and effective execution.
- Coordinate information security training and awareness activities.
- Execute third-party risk assessments and enhance our third-party risk assurance process and tooling.
- Evaluate, maintain and enhance our current security GRC tools.
- Maintain and improve our information security policy framework, in accordance with our regulatory and compliance requirements.
- Ensure the quality of our key security processes (vulnerability management, security incident reporting).
- Track the progress of reported issues and vulnerabilities, and support the creation of dashboards and metrics to facilitate this process.
- Act as a security advocate, supporting business owners' requests related to security (evaluate policy exception requests, complete third-party security questionnaires, etc.).
- Maintain our cybersecurity risk register and enhance our cybersecurity risk appetite framework.
Who you are:
- Bachelor's degree in Computer Engineering or a Cybersecurity-related discipline.
- 3 years of experience working in an information security GRC function.
- BIG4 experience is a plus.
- Experience coordinating an external PCI-DSS audit is a plus.
- One or more of the following certifications: CISSP, CRISC, CCSP, CCSK, CISA.
- Knowledge of security control and compliance frameworks: NIST CSF, PCI-DSS, ISO 27001.
- Basic understanding of security engineering best practices, as well as cloud security controls and DevOps & CI/CD development environments.
- Experience driving security GRC initiatives in a proactive and independent manner.
- Experience working with cross-functional teams in fast-paced environments.
- Solid problem-solving skills and attention to detail.