GRC Analyst

A GRC Analyst within the Cyber Governance, Risk, and Compliance (GRC) team is a key team member supporting Aristocrat’s Global Information Security organization and cybersecurity objectives.

There are two primary responsibilities for this GRC Analyst role. The first involves coordinating a cybersecurity Policy Program. This includes crafting new and updating existing policy documents. It also involves running the roadmap and calendar, and joining internal audit discussions and security exceptions related to information security policies. The second focus is on leading and improving an information security education and training initiative. The work involves applying tools, new technologies, and strategies to maintain relevant, current material. This encourages a security-first culture.

What You'll Do

• Maintain and continuously improve the cybersecurity Policies Program including the management of the lifecycle of a policy from creation to publication and developer go-to-market communication materials.

• Process and assess risk exceptions to Aristocrat Security Policies, Standards, and Technical Security Requirements and manage security risks identified and documented in the cybersecurity risk register and proactively identify cybersecurity deficiencies or opportunities for improvement to policies.

• Manage and advance a Security Awareness and Training Program that focuses on fostering a cyber aware culture. Includes developing a calendar of campaigns encompassing corporate-wide and specific roles-based training and awareness and phishing.

• Continuously deliver maturity enhancements to the Security Awareness program using AI tools and strong communication skills to make training effective and engaging. Collaborate with threat intelligence resources to ensure strong linkage to new and relevant threats.

• Create role-based training curriculum across the organization focusing on the protection of resources and data, collaborating with internal teams such as People and Culture (HR) and Privacy.

What We're Looking For

Required Qualifications:

• Master’s degree and 2 years of experience in cybersecurity field; experience in Learning and Development or Communications is a plus.

• Or University / bachelor’s degree and 4 years’ experience in cybersecurity field; experience in Learning and Development or Communications is a plus.

• Or an Associate’s degree and 8 years' experience in cybersecurity field, experience in Learning and Development or Communications is a plus.

Preferred Qualifications:

• Experience in policy management lifecycle management from creation to communication to delivery

• Working knowledge of cybersecurity awareness training terminology such as phishing, smishing, ransomware, etc. with an ability to translate this information into accessible training for organization.

• Experience designing and deploying corporate-level awareness programs including regular awareness training, secure development training, and regular phishing campaigns.

• Ability to create and deliver on strategic needs for awareness and training program along with program management skills to prioritize, plan, and deliver in a global environment.

• Experience in using Artificial Intelligence (AI) tools to create, refine, personalize, and deliver training content at corporate level and for role-based training.

• Comprehensive and effective communication skills, including the ability to gather relevant data and information, connect through listening, dialogue freely, and verbalize ideas effectively.

Preferred Certifications:

• Certified Information Systems Security Professional (CISSP)

• Certified Cloud Security Professional (CCSP)

• Certified Information Security Manager (CISM)

• CompTIA Security+

• SANS Global Information Assurance Certifications (GIAC)

Why Aristocrat?

Aristocrat is a world leader in gaming content and technology, and a top-tier publisher of free-to-play mobile games. We deliver great performance for our B2B customers and bring joy to the lives of the millions of people who love to play our casino and mobile games. And while we focus on fun, we never forget our responsibilities. We strive to lead the way in responsible gameplay, and to lift the bar in company governance, employee wellbeing and sustainability. We’re a diverse business united by shared values and an inspiring mission to bring joy to life through the power of play.

We aim to create an environment where individual differences are valued, and all employees have the opportunity to realize their potential. We welcome and encourage applications from all people regardless of age, gender, race, ethnicity, cultural background, disability status or LGBTQ+ identity. EEO M/F/D/V

• World Leader in Gaming Entertainment

• Robust benefits package

• Global career opportunities

Our Values

• All about the Player

• Talent Unleashed

• Collective Brilliance

• Good Business Good Citizen

Travel Expectations

Pay Range

Our goal is to pay a market competitive salary focusing near the median of our pay ranges. However, final offers for all positions will be based on several factors such as experience level, education, skills, work location, and internal pay equity.

This position offers a comprehensive benefits package, including health, dental, and vision insurance, paid time off, and a 401(k) plan with employer matching, more details available at https://atibenefits.com/.

Additional Information

This role is subject to mandatory background screening and regulatory approvals. As part of your employment with Aristocrat, you may be required to complete a criminal background check, submit fingerprints, and obtain licenses or registrations with applicable gaming regulatory authorities.

Aristocrat operates in a highly regulated environment and holds licenses in over 340 gaming jurisdictions worldwide. To meet our global compliance obligations, you will be required to provide the disclosure of relevant personal and background information to government agencies, sovereign nations/tribal regulators, and other applicable gaming regulatory bodies. This is a condition of Aristocrat’s gaming licenses. The specific information required may vary depending on the jurisdiction and project assignment.