IT GRC Analyst - Compliance

The IT Governance, Risk, and Compliance (GRC) team functions include maintaining and auditing information security controls to ensure conformance or compliance with applicable standards and local laws and regulations; enterprise-wide IT security awareness programming; monitoring compliance with security policy and applicable law. Participate in risk assessments, third‑party risk reviews, and assisting with audit and compliance activities.

• Perform security risk assessments for business and technology initiatives such as new vendors, critical vendors, and supporting software by reviewing security questionnaire responses, utilizing web app scanning technology and open‑source software scanning technology, and reviewing security compliance reports such as ISO
  27001, SOC 2, CSA, SIG, and more.
• Provide IT security due diligence reviews for sales and client functions.
• Assist in coordinating security awareness programming, including IT policy maintenance.
• Review policies and procedures related to Information Security and regulatory compliance.
• Engage in IT SOX, ISO 27001, SOC 1, SOC 2, PCI‑DSS, FFIEC, PIPEDA, GDPR and other compliance activities.
• Ensure that data‑related business requirements for protecting Paycom’s sensitive data are clearly defined, communicated, understood and considered as part of operational planning and prioritization.
• Participate in the management of an enterprise‑wide data governance framework, with a focus on improvement of data quality, lineage and the protection of sensitive data through modifications to organization behavior, policies, standards and processes.
• Participate in risk assessments for projects.
• Engage in process review and improvement, document as required.
• Perform additional duties and assignments as requested.

• Seniority level:
  Entry level
• Employment type:
  
  Full‑time
• Job function:
  Information Technology
• Industries:
  Software Development