Associate Governance, Risk and Compliance Analyst - Information Security Team at Paylocity
Don't just land a job. Launch your future.
Our all-in-one software platform gives HR pros a way to easily manage daily tasks in payroll, benefits, talent, and workforce management.
But what makes us different is that our technology is backed by a culture that cares. We care about our team members, clients, and partners - because people matter most. And people have always been at the heart of our business.
Since our founding in 1997, this is the thing that's stayed the same, from our employees to the millions of users nationwide that access our platform. We pride ourselves on partnering with our clients to build the workplace they and their employees crave.
Let's go forward together.
The Governance, Risk and Compliance Associate will work collaboratively with the all departments throughout the organization and play an instrumental role in testing adherence to Paylocity's information security policies, standards, and procedures. The person in this key role will also ensure that Paylocity's IT governance processes are properly designed and are functioning effectively and that the organization maintains its compliance with all applicable legal, regulatory, and contractual requirements. The Governance, Risk and Compliance Associate will ensure that all identified issues are documented, risk ranked, and retested as necessary.
Reports To: GRC Manager
The below represents the primary responsibilities of the position. Other duties may be assigned as needed.
- Update policies and create standards as needed to support the IT Organization and remain in compliance with various regulations.
- Ensure that Paylocity is properly evaluating security risks through a risk assessment framework that assesses the potential impact of threats to the business and Paylocity's vulnerability to these threats and recommended controls to reduce risks to levels that align with the organization's risk tolerances and appetite.
- Work collaboratively with all Paylocity departments to ensure that local practices are consistent with corporate information security policies and standards.
- Collect information for generating and communicating responses to customer due diligence requests and questionnaires.
- Assist in Paylocity's vendor management / third party service provider oversight program and conduct initial vendor due diligence as well as ongoing vendor reviews.
- Assist in performing risk assessments against ISO 27001 / NIST as well as ad hoc project risk assessments.
- Assist in company-wide security awareness program that is tailored to the needs of specific roles within the organization and is measurable and auditable.
- Attend conferences or seminars outside of Paylocity to stay current on the latest information security related ideas, topics and trends.
- Bachelor's degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline.
- Ability to test various controls throughout Technology and implement improvements to controls as needed.
- Minimum of 2 years' experience in one or all of the following: IT Internal Audit, Governance/Risk and Compliance, Security Awareness and Education, Third Party risk assessments and IT Security.
- Possess or willing to obtain upon hire at least one of the following professional designations (or one of similar stature):
- Certified in Risk and Information Systems Security Professional (CRISC)
- Certified Information Security Manager (CISM)
- Certified Information System Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified in the Governance of Enterprise Information Technology (CGEIT)
- Experience defining, revising, and implementing corporate information security policies.
- Experience coordinating initiatives for obtaining security related assurances (e.g., ISO 27001, SSAE-16, etc.) including process control design and testing.
- Experience in maintaining Business Continuity deliverables
- Experience creating, implementing, maintaining, monitoring and enforcing the Security Awareness Program.
- Experience creating, implementing, maintaining and monitoring security policies, standards, procedures, programs, plans and processes.
- Familiarity with federal and state legal regulatory requirements related to information security and privacy.
- Well versed in the information security issues affecting financial service organizations and cloud based application service providers.
- Understands the basic tenants of enterprise risk management (threat management, vulnerability management, and risk treatment).
Our journey forward.
Paylocity strives to create an organizational culture where every employee has a voice, feels truly welcome, appreciated, and free to be themselves, and is empowered and enabled to do their best work. A strong commitment to diversity, equity, and inclusion is critical to creating such a culture.
We've made great strides to support diversity, equity, and inclusion. That being said, we realize there's still room for improvement. Our current focus is on the following initiatives:
- Education & Awareness
- Client Community
- Company Representation
- Advocacy & Support
- Fairness & Equality
- PCTY Gives
This job description has been written to provide an accurate reflection of the current job and to include the general nature of work performed. It is not designed to contain a comprehensive detailed inventory of all duties, responsibilities, and qualifications required of the employees assigned to the job. Management reserves the right to revise the job or require that other or different tasks be performed when circumstances change.
This role can be performed from any office in the US. The pay range for this position in Colorado is $65,000 - $85,000/yr; however, base pay offered may vary depending on job-related knowledge, skills, and experience. This position is eligible for an annual bonus based on individual performance in addition to a full range of benefits outlined here. This information is provided per the Colorado Equal Pay for Equal Work Act. Base pay information is based on market location. Applicants should apply via www.paylocity.com/careers.