Delivering one-of-a-kind cloud technology, accompanied by award winning customer service, Paylocity is a software development company in a category of its own.

The Information Security Analyst will play an instrumental role in maintaining Paylocity’s Information Security Governance, Risk and Compliance (GRC) program. Reporting into the Information Security Manager, this position will also closely with Product Development, Business and IT Operations, and all key departments throughout the organization. The person in this key role will help ensure that Paylocity’s IT governance processes are properly designed and are functioning effectively and that the organization maintains its compliance with all applicable legal, regulatory, and contractual requirements. Finally, the person in this role will ensure that Paylocity properly identifies, assesses, and manages its Information Security risks.

Are you the leader we are looking for?

Who you are:

· Passionate about information security and privacy

· An evangelist regarding the importance of information security

· Committed to an ongoing partnership with other high profile groups within the organization to insure information security objectives are being understood and embraced

· Established presence within information security communities

· Ability to anticipate problems and recommend decisive action

· Excellent communication skills (both written and oral)

· Ability to work collaboratively across the organization

· Values their role as an advisor and business enabler more than their role as a rule enforcer

· Self-driven, creative, and resourceful

How we work:

· Casual, collaborative environment which embraces and operates under our shared principles

· Complete transparency with open, honest discussions about our progress

· Close working relationships across all areas of the organization

· Focus on outcomes and learning

What we offer:

· A strong commitment to Information Security both financially and organizationally

· An existing talented and passionate Information Security team

· The chance to meaningfully contribute to a vast market opportunity

· A collaborative environment where our security team is empowered to help steer the direction of the team

· A place to contribute your security knowledge company-wide through forum panels with our product development team

· Annual training allowance to learn new things and bring it back to the team.

· Employee Stock Purchase Program (ESPP) which enables employees to share in the long-term growth and future success of the company

Required Experience:

· Understands the basic tenants of Information Security risk management (threat management, vulnerability management, and risk treatment).

· Experience in performing Information Security risk and control assessments.

· Experience creating and maintaining a BCDR program and deliverables and serve as SME/facilitator for the business and IT.

· Experience defining, revising, and implementing corporate information security policies.

· Experience coordinating corporate-wide initiatives for obtaining security related assurances (e.g., ISO 27001, SSAE-18, etc.) including process control design and testing.

· Familiarity with federal and state legal regulatory requirements related to information security and privacy.

· Well versed in the information security issues affecting financial service organizations and cloud based application service providers.

· Experience creating, implementing, maintaining, monitoring, and enforcing the Security Awareness Program.

· Experience creating and maintaining the security vendor management program.

· Possess (or in the process of obtaining) at least one of the following professional designations (or one of similar stature):

Certified Information Systems Security Professional (CISSP)Certified Information Security Manager (CISM)Certified Information System Auditor (CISA)Certified Information Security Manager (CISM)Certified in the Governance of Enterprise Information Technology (CGEIT)

· Bachelor’s degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline.

During the last three months, you would have:

· Ensured Paylocity is properly evaluating security risks through a risk assessment framework

· Managed and coordinate Paylocity’s business continuity planning and disaster recovery planning programs.

· Ensured that Paylocity continues to comply with applicable InfoSec related legal and regulatory requirements,

· Maintained Paylocity’s information security and privacy related policies, standards, and procedures.

· Assessed compliance with Paylocity’s policies and standards and take action to remediate non-compliance.

· Acted as a liaison to auditors and consulting partners

· Collected information and provided answers to customer and client due diligence requests.

· Lead Paylocity’s InfoSec vendor due diligence reviews.

· Coordinated an Information Security risk assessment as well as ad hoc project risk assessments.

· Maintained and improved InfoSec risk and service performance metrics

· Represented Paylocity in the Information Security arena through vendor relations and participation in professional organizations.

Paylocity’s Awards:

· Glassdoor Best Places to Work 2014, 2017, 2018

· Glassdoor Highest Rated CEO's 2014, 2017

· CIO Applications Top 25 HR Technology Solution Providers 2017

· Deloitte Technology Fast 500 2013-2017

· DC Digital Top Work Places 2016-2017

· 101 Best & Brightest Companies to Work for in Chicago 2008-2017

· Top 100 Digital Companies in Chicago 2012-2017

· Best Places to Work Idaho 2017

· Best Places to Work Orlando Business Journal 2016-2017

· Best & Brightest Companies to Work for in the Nation 2014, 2017