Senior Information Security GRC AnalystSenior Information Security GRC AnalystApply locations Brazil - Remote time type Full time posted on Posted Yesterday job requisition id R16477About the Team/RoleWEX is seeking an experienced Information Security Governance, Risk, and Compliance (GRC) Analyst to join our dynamic security team. In this role, you will be responsible for developing, implementing, and managing our organization's security governance framework, assessing and mitigating risks, and ensuring compliance with applicable regulations and standards. As a security analyst, you will lead complex projects, provide strategic insights to security related tasks, and guidance to other teams across the enterprise.How you'll make an impactDevelop, implement, and maintain security policies, standards, and guidelines in alignment with regulatory and industry requirements.Assist in efforts to assess and enhance the organization's information security governance framework, ensuring consistent application across all business units.Provide guidance and support to business units in implementing and adhering to security policies, standards and procedures.Monitor and report findings, and metrics on the effectiveness of security governance initiatives to senior management.Conduct risk assessments, including identifying, analyzing, and prioritizing risks, to determine the potential impact on the organization.Collaborate with business units to develop and implement risk mitigation strategies, ensuring that security controls are appropriate and effective.Continuously monitor and review the organization's risk posture, adjusting strategies as needed to address emerging threats.Prepare and present risk assessment findings, metrics, and recommendations to stakeholders, including executive management.Ensure the organization's compliance with relevant regulatory requirements, industry standards (e.g., ISO 27001, PCI-DSS, NIST, GDPR, HIPAA, DORA, etc.), and internal policies.Conduct regular audits and assessments to verify adherence to security controls and compliance requirements.Serve as a subject matter expert on security compliance, providing advice and guidance to teams across the organization.Participate in incident response activities, including investigation, containment, and recovery.Conduct root cause analysis of security incidents.Develop and maintain incident response plans and procedures.Manage and oversee third-party audits, including coordination of responses to audit findings and ensuring remediation of any identified issues.Prepare and submit compliance reports to regulatory bodies as required.Assess and manage the security posture of third-party vendors and service providers.Ensure that third-party contracts include appropriate security requirements.Prepare and develop corrective action plans.Prepare and deliver reports on metrics, compliance status, and risk management activities to executive leadership and other stakeholders.Develop and deliver security awareness and training programs to educate employees on security policies, procedures, and best practices.Promote a culture of security awareness throughout the organization, encouraging proactive risk management and compliance.Experience you'll bringBachelor's degree in Information Security, Computer Science, or a related field.Experience in information security in a Governance, Risk, and Compliance (GRC) role.In-depth knowledge of information security frameworks, standards, and regulations.Proven experience in risk management and compliance activities.Experience with industry regulatory compliance framework (e.g., PCI-DSS, HITRUST, SOX/SOC, NIST, FedRamp, FISMA, etc.).Demonstrated ability to take initiative and accountability for achieving results.Understanding of cloud-based infrastructure components with specific understanding of the security risks presented in a decentralized and hybrid environment.Experience with security audit processes and responding to regulatory inquiries.Experience with security industry tools and best practices.Strong analytical, problem-solving, and decision-making skills.Excellent communication and interpersonal skills with the ability to effectively convey technical information to non-technical stakeholders.Ability to work independently and as part of a team in a fast-paced, dynamic environment.Strong project management skills with the ability to manage multiple priorities simultaneously.Experience with gathering metrics and creating dashboards to be presented to executive management.Certified Information Systems Auditor (CISA).Certified Information Systems Security Professional (CISSP).Certified in Risk and Information Systems Control (CRISC).CompTIA's Security+ (Security+).About UsWEX is a global commerce platform that helps businesses solve for operational complexities like employee benefits, managing and mobilizing fleets, and streamlining payments.With over 6,500 employees, we work with large and small companies in more than 200 countries and territories, and can tailor our services to meet the unique needs of their businesses.We hire people who share our passion for continuous innovation and client service that is unparalleled in the industry. Offering comprehensive and market competitive benefits, our offerings are designed to support your personal and professional well-being. If you're looking for a growing career - come be part of WEX today.WEX is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex, race, color, age, national origin, religion, sexual orientation, gender identity, protected veteran status, disability or other protected status. WEX promotes a drug-free workplace.Qualified individuals with a disability have the right to request a reasonable accommodation. If you require a reasonable accommodation as a result of your disability at any point in the job application process, please submit your request through our Reasonable Accommodation Request Form.
#J-18808-Ljbffr