Governance, Risk and Compliance Analyst - Information Security Team at Paylocity

Northwest Suburbs
Sorry, this job was removed at 3:33 p.m. (CST) on Monday, March 23, 2020

The Governance, Risk and Compliance Analyst will work collaboratively with all departments throughout the organization and play an instrumental role in testing adherence to Paylocity’s information security policies, standards, and procedures. The person in this key role will also ensure that Paylocity’s IT governance processes are properly designed and are functioning effectively and that the organization maintains its compliance with all applicable legal, regulatory, and contractual requirements. The Governance, Risk and Compliance Analyst will ensure that all identified issues are documented, risk ranked, and retested as necessary.


What You'll Do:

  • Assess corporate-wide compliance with Paylocity’s policies and standards and take action to remediate non-compliance.
  • Ensure that Paylocity’s practices satisfy the requirements of the Sarbanes-Oxley Act and Paylocity’s SSAE-16, HIPAA, as well as all applicable federal, state, and local laws and regulations.
  • Ensure that Paylocity is properly evaluating security risks through a risk assessment framework that assesses the potential impact of threats to the business and Paylocity’s vulnerability to these threats, and recommends controls to reduce risks to levels that align with the organization’s risk tolerances and appetite.
  • Work collaboratively with all Paylocity departments to ensure that local practices are consistent with corporate information security policies and standards.
  • Monitor the legal and regulatory landscape to proactively address new information security and privacy related requirements.
  • Identify compliance objectives and map program deliverables to the requirements.
  • Participate in Paylocity’s business continuity planning and disaster recovery planning programs as well as periodic exercises and tests.
  • Act as a professional liaison to Paylocity’s SSAE-16 service auditor, its third party internal audit, consulting partners, and its external auditor.
  • Collect information for generating and communicating responses to customer due diligence requests and questionnaires.
  • Assist in Paylocity’s vendor management / third party service provider oversight program and conduct initial vendor due diligence as well as ongoing vendor reviews.
  • Coordinate and document an annual enterprise risk assessment as well as ad hoc project risk assessments.
  • Assist in a company-wide security awareness program that is tailored to the needs of specific roles within the organization and is measurable and auditable.
  • Design and implement a program to collect and report information security related performance metrics and key risk indicators.
  • Represent Paylocity in the information security arena through vendor relations and participation in professional organizations.
  • Attend conferences or seminars outside of Paylocity to stay current on the latest information security related ideas, topics, and trends.

What you bring:

  • Bachelor’s degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline.
  • Ability to test various controls throughout Technology and implement improvements to controls as needed.
  • Minimum of 3 years’ experience in one or all of the following: IT Internal Audit, Governance/Risk and Compliance, Security Awareness and Education, Third Party risk assessments and IT Security.
  • Possess or be willing to obtain upon hire at least one of the following professional designations (or one of similar stature):
    • Certified in Risk and Information Systems Security Professional (CRISC)
    • Certified Information Security Manager (CISM)
    • Certified Information System Auditor (CISA)
    • Certified in the Governance of Enterprise Information Technology (CGEIT)
  • Experience defining, revising, and implementing corporate information security policies.
  • Experience coordinating initiatives for obtaining security related assurances (e.g., ISO 27001, SSAE-16, etc.) including process control design and testing.
  • Experience in maintaining a BC/DR program and deliverables and serving as SME/facilitator for the business and IT.
  • Experience creating, implementing, maintaining, monitoring and enforcing the Security Awareness Program.
  • Experience creating, implementing, maintaining and monitoring security policies, standards, procedures, programs, plans and processes.
  • Familiarity with federal and state legal regulatory requirements related to information security and privacy.
  • Well versed in the information security issues affecting financial service organizations and cloud based application service providers.
  • Understands the basic tenets of enterprise risk management (threat management, vulnerability management, and risk treatment).

Technology we use

  • Engineering
    • C++ (Languages)
    • Java (Languages)
    • JavaScript (Languages)
    • SQL (Languages)
    • Access (Databases)
    • Microsoft SQL Server (Databases)
    • Oracle (Databases)


Our office has modern workspaces, a cafe, and a gym. But since we're a talent-anywhere company, you may find our team members all over Chicagoland.

What are Paylocity Perks + Benefits

Paylocity Benefits Overview

Our commitment to hiring the best and brightest employees with a “talent anywhere” strategy means that no matter where you’re located around the country, you can be a part of our growing tech department

• Enjoy an attitude of trust to work remotely, manage your own schedule and be productive
• Work in small, cross-functional product-oriented teams
• Showcase development progress in two-week sprints with strong executive involvement
• Embrace the freedom to innovate, voice opinions and share new ideas

Volunteer in local community
Partners with Nonprofits
Friends outside of work
Eat lunch together
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Open office floor plan
Highly diverse management team
Unconscious bias training
Someone's primary function is managing the company's diversity and inclusion initiatives
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Wellness Programs
Onsite Gym
Retirement & Stock Options Benefits
401(K) Matching
Company Equity
Employee Stock Purchase Plan
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
Remote Work Program
We have a talent anywhere culture, where employees can work anywhere in the US and/or work from one of three US offices located in Illinois, Florida, and Idaho
Family Medical Leave
Adoption Assistance
Company sponsored family events
Acme Co. sponsors family-oriented events annually.
Vacation & Time Off Benefits
Generous PTO
Paid Volunteer Time
Paid Holidays
Paid Sick Days
Perks & Discounts
Casual Dress
Commuter Benefits
Company Outings
Game Room
Stocked Kitchen
Some Meals Provided
Happy Hours
Recreational Clubs
Fitness Subsidies
Professional Development Benefits
Job Training & Conferences
Tuition Reimbursement
Diversity Program
Lunch and learns
Acme Co. hosts lunch and learn meetings on occasion.
Cross functional training encouraged
Promote from within
Mentorship program
Our mentorship program includes 1-to-1 program, Cross-department program, Leadership mentoring.
Online course subscriptions available