Careers / Positions Senior GRC Associate
Our goal is to listen, engage, and activate voices across Red Ventures to ensure that all identity groups and perspectives are represented in our work. Our aspiration is to have diverse teams at every level of the company, and we seek candidates who bring unique personal experiences, curiosity and an eagerness to embrace diversity, equity, and inclusion.
At a Glance
As a GRC Senior Associate, you will work closely with our business, legal, security, and technology teams to identify, measure and report on technology risk. You will work to ensure compliance with US and International laws, rules, standards, and contractual obligations. You should be passionate about security and the myriad of security standards and guidelines that large successful companies follow. You will have latitude to make decisions, teach, and collaborate with a broad group of bright and energetic people throughout the company.
What You’ll Do
- Ensure compliance with company policies and standards, including regulatory, legal and contractual requirements, by providing ongoing support and advice to control owners and cross-functional teams on control design and effectiveness.
- Manage engagement with outsourced auditors, analyze evidence and facilitate walkthroughs to achieve key business certifications.
- Work with technology and business teams to develop, prioritize and document risk mitigation action plans, along with recommendations to reduce information security risk within their areas.
- Manage the remediation of security assessment findings and recommendations.
- Test information security controls, across multiple business processes and/or locations, ensuring implementation techniques meet the intent of organizational compliance frameworks and security requirements.
- Support multiple security GRC initiatives, as needed, including development of the company's security program, policies, and standards, implementation of security awareness programs, and development of metrics and reporting framework.
- Identify, assess, measure and monitor technology risk by performing hands-on, data-focused risk assessments, actively participating in all aspects of the risk management process.
- Identify opportunities for automation and integration of GRC programs, develop requirements and recommend solutions or products to meet the need.
What We’re Looking For
- Excellent written and verbal communication skills; must be able to enhance documented security requirements, raise awareness of those requirements through multiple communication channels, as well as interface with all levels of the organization.
- Self-starter with the ability to manage multiple tasks and responsibilities, work alone or in small teams, achieve established goals, and communicate progress in a timely and meaningful manner.
- Experience identifying failures or inefficiencies in processes, conflicting business practices and integration issues, and providing alternative solutions.
- Experience with data analytics methodologies and tooling to support risk reporting, risk assessment and control testing.
- Hands-on experience performing security risk or compliance assessments (e.g., ISO 27001, PCI DSS, CIS 20 or similar) is a plus.
- Possess understanding of controls pertaining to cloud security and computing, system development lifecycle, and privacy (e.g., GDPR, CCPA).
Red Ventures is a portfolio of influential brands, digital platforms, and strategic partnerships. We’re made up of dozens of teams spanning multiple industries and geographies - all working together to help people make life’s most important decisions. Whether you’re looking for freedom to build new brands and businesses from the ground up, an opportunity to partner with brands who are already globally recognized, or a combination of both - this is a place where you can unlock substantial experience and even make entire career shifts, all within one organization.Learn More about Red Ventures
Covid 19 Vaccine Requirement: Unless otherwise prohibited by law, if a candidate is successful and a conditional job offer is made, the candidate then will be required to submit proof of a full vaccination series against COVID-19. Requests for reasonable accommodations on the basis of disability, pregnancy status, or religious belief will be considered on an individualized basis.