Senior Information Security GRC Risk Analyst

Job Description

OneTrust is seeking a Senior Information Security GRC Risk Analyst to join their InfoSec GRC team. The analyst will be responsible for identifying, assessing, and mitigating risks related to the security of the organization's information systems and data. This involves analyzing potential threats, developing strategies to protect against security breaches, and ensuring compliance with industry standards and regulations.Role involves:

• Conducting risk assessments to identify vulnerabilities and potential threats.
• Monitoring, tracking, and documenting risks within the OneTrust platform.
• Preparing detailed reports on security findings and recommendations.
• Performing regular security audits to ensure compliance.
• Assisting in the creation and maintenance of security policies.
• Supporting customer audits and the overall ERM function.

Requirements:

• Deep understanding of information security frameworks, risks, and mitigation strategies.
• Understanding of GDPR, CCPA, PCI-DSS, SOC 2, ISO, and FedRAMP.
• Working knowledge of security risk management methodologies and procedures.
• Understanding of sensitive data types and classifications.
• Bachelor’s degree or 5-8 years of equivalent work experience.

OneTrust offers:

• Flexible PTO
• Equity stock options
• Annual performance bonus opportunities
• Retirement account support
• Career development opportunities
• Company-paid privacy certification exam fees