This job has expired
This position was posted on February 24, 2026 and is likely no longer accepting applications. We've kept it here for historical reference.

Job Overview
Location
United States
Job Type
Full-time
Category
Cybersecurity
Date Posted
February 24, 2026
Full Job Description
📋 Description
- Join LTK, a pioneering technology platform dedicated to empowering lifestyle creators and driving their economic success, as a Security GRC Sr Analyst I. In this pivotal remote role, you will report to the Sr Manager, Security GRC and collaborate extensively with cross-functional teams including Platform, Engineering, Legal, and Privacy. Your expertise will be instrumental in ensuring continuous security compliance monitoring for the LTK platform and its supporting systems. You will spearhead initiatives to meticulously document our security commitments, guarantee adherence to both internal policies and external regulatory standards, facilitate informed decision-making grounded in risk assessment, and significantly bolster our organizational 'human firewall' through comprehensive security awareness programs.
- As a senior member of the GRC team, your responsibilities extend beyond daily operational execution. You will play a crucial role in shaping and refining LTK's overall strategy for security governance and risk management, contributing to the company's robust security posture and its ongoing growth.
- Compliance Management:
  - Requirement & Control Administration: You will be responsible for maintaining and enhancing a centralized repository of all security controls and requirements. This includes the critical task of mapping internal controls to relevant regulatory frameworks and industry standards such as SOC 2, GDPR, CCPA, and PCI-DSS, ensuring LTK meets its compliance obligations.
  - Questionnaire & Contract Support: Act as the primary point of contact for responding to customer security questionnaires and conducting thorough reviews of vendor contracts from a security perspective. You will articulate LTK's security posture effectively to external partners and clients, playing a key role in sales enablement and building trust.
  - Audit & Issue Management: Coordinate and manage both internal and external compliance audits. This involves leading the evidence collection process, meticulously tracking audit findings (issues), and driving them to timely remediation, thereby ensuring the closure of security gaps and continuous improvement.
- Risk Management:
  - Risk Assessment Facilitation: Lead comprehensive security risk assessments for new projects, emerging technologies, and third-party vendors. You will guide stakeholders through the structured process of identifying potential threats and vulnerabilities, ensuring proactive risk mitigation.
  - Identified Risks Monitoring: Maintain and manage the corporate risk register, diligently tracking identified risks, the progress of mitigation plans, and any risk acceptance decisions. This ensures that leadership maintains clear visibility into the organization's dynamic risk landscape.
  - Third-Party Risk Monitoring (TPRM): Oversee and mature the third-party risk management program. This involves assessing the security posture of vendors and partners, and continuously monitoring for any changes in their risk profile throughout the entire lifecycle of the business relationship.
  - Security Maturity Monitoring: Develop and implement metrics to measure and report on the overall maturity of the security program against established goals and Key Performance Indicators (KPIs), providing insights for strategic development.
- Policy Management:
  - Policy Set Administration: Own the complete lifecycle of LTK's information security policies, standards, and procedures. This includes regular review, updating, and publication of documentation to ensure it accurately reflects LTK's security commitments and remains aligned with current industry best practices, such as those defined by NIST and ISO 27001.
  - Documentation: Collaborate closely with technical and business teams to translate complex security requirements and technical controls into clear, concise, and accessible policy language that is understood across the organization.
- Security Awareness:
  - Training Delivery: Develop, implement, and deliver engaging and effective security awareness training materials. This encompasses comprehensive onboarding training for new hires and continuous, relevant education for the entire organization to foster a security-conscious culture.
  - Phishing Simulations: Design, orchestrate, and analyze simulated phishing campaigns. Utilize the data and insights generated from these campaigns to identify user groups that may be more vulnerable and tailor subsequent training interventions for maximum impact.
About Lulus Fashion Lounge, LLC
Lulus Fashion Lounge, LLC, operating as Lulus.com, is a fast-growing online retailer specializing in trendy and affordable apparel and accessories. Founded in 2008, the company targets fashion-conscious women, offering a wide selection of dresses, tops, bottoms, outerwear, and accessories suitable for everyday wear, special occasions, and bridal events. Lulus is known for its extensive product catalog, regular new arrivals, and a strong focus on customer engagement through social media and user-generated content. The brand aims to provide a seamless online shopping experience, empowering customers to express their personal style with confidence and affordability.