This role is eligible for our five day flex office work model.
Senior Analyst, Compliance
Why is this job a big deal:
The position is responsible for managing Priceline’s risk and compliance functions, elevating our security posture. As a leading tech company, this role requires an understanding of our existing infrastructure, cybersecurity controls and risk profile, as well as a willingness to learn about emerging technologies.
The Senior Security Risk & Compliance Analyst will be part of a high-performing and diverse information security team at Priceline, a US subsidiary of the world's largest online travel company. He/she will be part of a growing GRC team that faces multiple exciting challenges.
In this role you will get to:
Own end-to-end security GRC projects and initiatives to improve our security posture.
Maintain our different security controls frameworks, including NIST CSF maturity framework, PCI-DSS and NYDFS, enhancing the frameworks and controls based on recommendations from maturity and risk assessments.
Monitor control performance of information security controls across the business for timely and effective execution.
Coordinate security audit fieldwork (external and internal audits) and other assurance activities.
Execute third-party risk assessments and enhance our third-party risk assurance process and tooling.
Evaluate, maintain and enhance our current security GRC tools.
Maintain and improve our information security policy framework, in accordance with our regulatory and compliance requirements.
Track progress of issues reported, vulnerabilities, and support in the creation of dashboards and metrics to facilitate this process.
Act as a security advocate, supporting business owners' requests related to security (evaluate policy exception requests, complete third-party security questionnaires, etc.).
Maintain our cybersecurity risk register and enhance our cybersecurity risk appetite framework.
Who you are:
6-8 years of experience working in an information security GRC function.
One or more of the following certifications: CISSP, CRISC, CCSP, CCSK, CISA.
Knowledge of security control and compliance frameworks: NIST CSF, PCI-DSS, ISO 27001.
Basic understanding of security engineering best practices, as well as cloud security controls and DevOps & CI/CD development environments.
Experience driving security GRC initiatives in a proactive and independent manner.
Experience working with cross-functional teams in fast-paced environments.
Solid problem-solving skills and attention to detail.