Information Security Analyst (Governance, Risk, and Compliance)
Who you are:
- Passionate about information security and privacy
- An evangelist regarding the importance of information security
- Committed to an ongoing partnership with other high-profile groups within the organization to ensure information security objectives are being understood and embraced
- Established presence within information security communities
- Ability to anticipate problems and recommend decisive action
- Excellent communication skills (both written and oral)
- Ability to work collaboratively across the organization
- Values their role as an advisor and business enabler more than their role as a rule enforcer
- Self-driven, creative, and resourceful
How we work:
- Casual, collaborative environment which embraces and operates under our shared principles
- Complete transparency with open, honest discussions about our progress
- Close working relationships across all areas of the organization
- Focus on outcomes and learning
What we offer:
- A strong commitment to Information Security both financially and organizationally
- An existing talented and passionate Information Security team
- The chance to meaningfully contribute to a vast market opportunity
- A collaborative environment where our security team is empowered to help steer the direction of the team
- A place to contribute your security knowledge company-wide through forum panels with our product development team
- Annual training allowance to learn new things and bring them back to the team
- Employee Stock Purchase Program (ESPP) which enables employees to share in the long-term growth and future success of the company
- Understands the basic tenets of Information Security risk management (threat management, vulnerability management, and risk treatment).
- Experience in performing Information Security risk and control assessments.
- Experience creating and maintaining a BCDR program and deliverables and serving as SME/facilitator for the business and IT.
- Experience defining, revising, and implementing corporate information security policies.
- Experience coordinating corporate-wide initiatives for obtaining security related assurances (e.g., ISO 27001, SSAE-18, etc.) including process control design and testing.
- Familiarity with federal and state legal regulatory requirements related to information security and privacy.
- Well versed in the information security issues affecting financial service organizations and cloud-based application service providers.
- Experience creating, implementing, maintaining, monitoring, and enforcing the Security Awareness Program.
- Experience creating and maintaining the security vendor management program.
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information System Auditor (CISA)
- Certified in the Governance of Enterprise Information Technology (CGEIT)
- Bachelor’s degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline.
During the last three months, you would have:
- Ensured Paylocity is properly evaluating security risks through a risk assessment framework
- Managed and coordinated Paylocity’s business continuity planning and disaster recovery planning programs.
- Ensured that Paylocity continues to comply with applicable InfoSec related legal and regulatory requirements.
- Maintained Paylocity’s information security and privacy related policies, standards, and procedures.
- Assessed compliance with Paylocity’s policies and standards and taken action to remediate non-compliance.
- Acted as a liaison to auditors and consulting partners
- Collected information and provided answers to customer and client due diligence requests.
- Led Paylocity’s InfoSec vendor due diligence reviews.
- Coordinated an Information Security risk assessment as well as ad hoc project risk assessments.
- Maintained and improved InfoSec risk and service performance metrics
- Represented Paylocity in the Information Security arena through vendor relations and participation in professional organizations.
- Glassdoor Best Places to Work 2014, 2017, 2018
- Glassdoor Highest Rated CEOs 2014, 2017
- CIO Applications Top 25 HR Technology Solution Providers 2017
- Deloitte Technology Fast 500 2013-2017
- DC Digital Top Work Places 2016-2017
- 101 Best & Brightest Companies to Work for in Chicago 2008-2017
- Top 100 Digital Companies in Chicago 2012-2017
- Best Places to Work Idaho 2017
- Best Places to Work Orlando Business Journal 2016-2017
- Best & Brightest Companies to Work for in the Nation 2014, 2017