Our all-in-one software platform gives HR pros a way to easily manage daily tasks in payroll, benefits, talent, and workforce management.

But what makes us different is that our technology is backed by a culture that cares. We care about our team members, clients, and partners – because people matter most. And people have always been at the heart of our business.

Since our founding in 1997, this is the thing that's stayed the same, from our employees to the millions of users nationwide that access our platform. We pride ourselves on partnering with our clients to build the workplace they and their employees crave.

Let's go forward together.

Position Overview:

The Governance, Risk and Compliance Analyst is responsible for creating and/or maintaining security standards and procedures, identifying risks, and ensuring IT controls and operational processes are in place to mitigate identified risks. The Analyst promotes an efficient and secure IT environment in alignment with present and future cyber risks. The Analyst will develop and maintain a comprehensive risk assessment process which will include an internal risk register to track all technology risk. Develop appropriate reporting for management and track remediation to completion. Own and manage the third-party risk assessment process across all new Paylocity vendors. You will also be responsible for maintaining applicable Paylocity policies and standards and aid in the Data Governance program.

Location: Remote

Reports To: Manager, Governance, Risk & Compliance

Responsibilities:

• Develop and manage an information security risk register to address risks, issues and action plans from all sources, eg, industry risks, technology risk assessments, etc.
• Further develop the GRC software platform (One Trust) for policy administration, third party compliance and risk management.
• Work collaboratively with all Paylocity departments including key business stakeholders to ensure that risks are identified and well documented.
• Ensure that Paylocity is properly evaluating security risks through a risk assessment framework that assesses the potential impact of threats to Information Technology and Paylocity’s vulnerability to these threats and recommended controls to reduce risks to levels that align with the organization’s risk tolerance and appetite.
• Develop process documentation and standards for end-to-end risk assessment process.
• Lead Paylocity’s vendor management / third party service provider oversight program and conduct initial vendor due diligence as well as ongoing vendor reviews.
• Partner with the Application Security team to ensure SaaS vendors have an appropriate assessment and include documentation with OneTrust
• Coordinate and document an annual risk assessment as well as ad hoc project risk assessments.
• Assist in company-wide security awareness program that is tailored to the needs of specific roles within the organization and is measurable and auditable.
• Design and implement a program to collect and report information security related performance metrics and key risk indicators.
• Lead project manager for development and communication of Paylocity's Data Governance Program objectives.
• Attend conferences or seminars outside of Paylocity to stay current on the latest information security related ideas, topics, and trends.

Requirements:

• Bachelor’s degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline.
• Relevant experience in the GRC space. Good understanding of information security risk management frameworks such as ISO 27001, COBIT, NIST, NIST 800-53, etc.
• Minimum of 3 years’ experience in one or all the following: IT Internal Audit, Governance/Risk and Compliance, Security Awareness and Education, Third Party risk assessments and IT Security.
• Understands the basic tenants of IT risk management (threat management, vulnerability management, and risk treatment).
• Possess or willing to obtain upon hire at least one of the following professional designations (or one of similar stature): Certified in Risk and Information Systems Security Professional (CRISC), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified in the Governance of Enterprise Information Technology (CGEIT (Certified in the Governance of Enterprise Information Technology))
• Experience defining, revising, and implementing corporate information security policies.
• Experience coordinating initiatives for obtaining security related assurances (e.g., ISO 27001, SSAE-16, etc.) including process control design and testing.
• Familiarity with federal and state legal regulatory requirements related to information security and privacy including GDPR (General Data Protection Regulations), CCPA (California Consumer Privacy Act), and BIPA.
• Well versed in the information security issues affecting financial service organizations and cloud-based application service providers.

As of 4/6/2021 this job excludes CO applicants

Our journey forward.

Paylocity strives to create an organizational culture where every employee has a voice, feels truly welcome, appreciated, and free to be themselves, and is empowered and enabled to do their best work. A strong commitment to diversity, equity, and inclusion is critical to creating such a culture.

We’ve made great strides to support diversity, equity, and inclusion. That being said, we realize there’s still room for improvement. Our current focus is on the following initiatives:

• Education & Awareness
• Client Community
• Company Representation
• Advocacy & Support
• Fairness & Equality
• PCTY Gives

Want to learn more, click here to access our DEI flipbook. https://www.flipsnack.com/paylocitycom/diversity-equity-and-inclusion.html

This job description has been written to provide an accurate reflection of the current job and to include the general nature of work performed. It is not designed to contain a comprehensive detailed inventory of all duties, responsibilities, and qualifications required of the employees assigned to the job. Management reserves the right to revise the job or require that other or different tasks be performed when circumstances change.