Senior GRC Analyst

Company: TMX Finance
Location: Carrollton
Posted on: February 25, 2021

Job Description:

Requisition ID 2021-9284Category: IT/ISLocation: US-TX-CarrolltonOverview

Senior GRC Analyst
Carrollton, TX

The TMX Finance-- Family of Companies is looking for a Senior GRC Analyst to join our team and oversee our Information Security Compliance program. As a Senior GRC Analyst, you will help mature our Information Security Compliance Program and supporting activities related to development and maintenance of policies, standards, procedures, and controls. You will collaborate with the broader security team and other departments within TMX to advance program maturity, assess security risks, and communicate/facilitate remediation of those risks.

The health and well-being of our Team Members, their families, and our customers remains a top priority for us. That's why we've taken a number of steps to help maintain a clean and safe environment where Team Members can thrive, and customers can feel safe. Currently, in our stores and Corporate offices, we're practicing social distancing, wearing face coverings (subject to certain exemptions), cleaning frequently, and following state and local requirements as well as Center for Disease Control (CDC) guidelines to help ensure a clean and safe environment for all. As the situation evolves, changes may be made to our practices, in line with state and local mandates as well as CDC-guidelines.

Responsibilities

Oversee all Governance, Risk and Compliance for the IT department.

Aid in the further development and maturation of the IT Security Risk Management Program and overall tools.

Develop and maintain a Risk Controls Matrix (RCM) that aligns with applicable regulatory and compliance requirement frameworks

Determine, develop, maintain, and publish corporate-level information security policies, standards, procedures, and guidelines, including incident response and compliance reporting procedures for general IT controls and SOX.

The identification, testing, maintenance, compliance reporting and management assertion of general IT controls.

Leads the effort to implement new versions of PCI-DSS requirements, including the reviewing of the technology lifecycle and end of life impacts (platforms, software, database) on PCI applications and Cardholder Data Environment.

Coordinates the work of the Qualified Security Assessor (QSA), as required

Ensures the effective maintenance of the program to monitor service providers PCI-DSS compliance status.

Manages PCI compliance risks and issues log

Responds to alleged violations of PCI compliance policies, procedures, and standards by evaluating or recommending the initiation of investigative procedures

Providing organizational guidance, leadership and promoting general awareness and training of security policies and program.

Promoting adherence to NIST and other generally accepted IT security and control practices throughout the IT landscape.

Supervise all investigations relating to security threats, legal discovery, and violation of security policies and provide on-going communication with senior management.

Engage in penetration studies, threat analysis, vulnerability assessments, and security audit activities to ensure IT controls and security are effective.

Maintain close working relationships with Internal/External Auditors on Interim, Annual, Intellectual Property, SOX & regulatory engagements.

Assist peer managers in understanding security and control deficiencies and responding to internal and external audit reports.

Verify relevant third-party attestations to validate the necessary safeguards are in place to protect our information assets under their care Ensure that any remedial actions required by external parties are addressed, Conduct security reviews of potential third-party providers / acquisition targets

Perform periodic information privacy risk assessments and conduct related ongoing compliance monitoring activities in coordination with the entity's other compliance and operational assessment functions.

Qualifications

• Bachelor's degree in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline is required. Four (4) years of experience in IA/Information Security will be an acceptable substitute for a bachelor's degree
• Minimum 5+ years in Information Security, Governance, Risk and Compliance
• Minimum 5+ years of IT and Cyber Security experience
• Regulatory compliance, including information security management frameworks (e.g.,PCI-DSS, NIST CSF, ISO2700x, SANS Top 20 Critical Security Controls, SOX, COBIT)
• Experience actively governing risks and threats
• Experience conducting Risk Assessments and facilitating executive level risk discussions
• Physical demands for this position frequently include: the ability to remain in a stationary position, move about freely inside and occasionally outside of the office, and the operation of mechanical controls, such as a keyboard.
  
  Preferred Qualifications
  
  • Experience in developing and implementing information security practices in a retail financial, or a highly decentralized corporate environment
  • Information Security certifications: CISSP, CISM and CIPP
  • IT Security experience in a large multi-site retail/financial retail environment.
  • IT Security experience in large multi-vendor Cloud (AWS, Azure, Oracle) environments.
  • Bachelor's degree in computer science or related field
    
    Learn More About Us
    
    The Senior GRC Analyst is part of the Information Services team, who works to design and drive the innovation that keeps us competitive. The IT team members are the first responders to global initiatives creating cutting-edge solutions that enhance and differentiate our customers' experiences, and the Service Desk provides a single point of contact to help meet our team members' technology needs. To learn more, visit .
    
    Check out what's happening in our Company at .
    
    The information contained herein is not intended to be an all-inclusive list of the duties and responsibilities of the job, nor is it intended to be an all-inclusive list of the skills and abilities required to do the job. The Company may, at its discretion, revise the job description at any time, and additional functions and requirements may be assigned by supervisors as deemed appropriate. Requirements, skills and abilities included have been determined to illustrate the minimal standards required to successfully perform the position.
    
    All TMX Finance-- Family of Companies Are Equal Opportunity Employers. PI130731518

Keywords: TMX Finance, Carrollton , Senior GRC Analyst, Professions , Carrollton, Texas