GRC Analyst at Volusion
At Volusion, we make products that people love. Our teams are dedicated to providing SaaS commerce solutions and services for all business types, ranging from startups to large enterprises. If you are the kind of entrepreneur that loves working in teams, has a passion for driving positive change, and wants to change the world with your ideas, we want to hear from you.
As a Governance, Risk, and Compliance (GRC) Analyst you will report to the CISO. This role is responsible for supporting our ongoing compliance efforts (PCI DSS, GDPR, CCPA, etc.), working collaboratively to manage risk within the organization, and helping shape the Volusion information security program through documentation and evaluation of security controls within Volusion. You will work side by side with the information security team and others from across the organization to help ensure our customers' and their shoppers' data stays secure.
- Lead continuous compliance efforts to evaluate the design and effectiveness of controls at Volusion against various regulatory requirements (PCI DSS, GDPR, CCPA, etc.).
- Coordinate efforts and activities during Volusion’s annual PCI DSS audit as the primary point of contact for the auditor.
- Ongoing review, revision, and management of Volusion policies, procedures, standards, and technical diagrams; monitor and track exceptions to policy (ETP).
- Create and execute an annual internal audit plan to demonstrate organizational compliance with policies and practices. This includes preparing test plans that describe the audit process, executing those test plans, documenting the results of testing with conclusions based on the evaluation of evidence, and assisting with the development and tracking of recommended remediation activities when needed.
- Lead risk management efforts within the organization, including meeting with various stakeholders to understand and document current risks, identifying risk owners, assisting with the creation of risk treatment plans, and documenting ongoing efforts to manage risk in alignment with organizational risk appetite, all within a dynamic Risk Register and dashboard.
We are looking for someone with:
- Minimum 2-4 years' experience in a security or compliance role.
- Strong understanding of relevant regulatory requirements such as PCI DSS and GDPR, as well as security frameworks such as the NIST Cybersecurity Framework (CSF).
- Intermediate technical skills sufficient to navigate within an environment when needed to validate controls and collect evidence.
- Knowledge of and experience with the development and maintenance of organizational risk management practices.
- Excellent interpersonal and communication (written and verbal) skills. Ability to build rapport with and influence a wide range of stakeholders across the organization to be a change agent.
- Attention to detail. Ability to multitask. Flexible. Accountable.
- Certifications such as CISA, CRISC, or CISSP are considered a plus.
Who is also the embodiment of our culture code (we hope you are nodding your head in agreement as you browse through it!):
- Humble: Have humility and be respectful; no egos allowed.
- Effective: Get stuff done!
- Adaptable: Willing to fill any role, anytime. Going above/beyond the call of duty.
- Transparent: Open and honest to self and others.
- Collaborative: We favor teamwork and take ownership.
- A founder: Think big, go fast, and solve for the customer.
Benefits & Perks:
- Competitive compensation packages
- Medical, Dental, Vision, and Voluntary Life Insurance
- Paid parental leave
- Flexible Paid Time Off
- 401(k) with Company Matching
- On-site Fitness and Yoga Classes
- Casual Dress
- Breakfast taco and beer Fridays
- Endless supply of Tiny House Nitro Coffee, Waterloo Sparkling Water, fruit, and snacks
- Two Volunteer Days Off
- Bring Your Dog to Work Days
- Adjustable desks
- Chair Massages
- Team Sports and Team Outings