First American
Controls & Compliance Senior Analyst-Hybrid
First American, Santa Ana, California, United States, 92725
Who We Are
Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For list for ten consecutive years. We have also earned awards as a best place to work for women, diversity, and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.
What We Do
Reporting to the Manager of InfoSec GRC, the Senior Analyst is responsible for supporting enterprise-wide governance, risk, and compliance strategies ensuring alignment with regulatory requirements and cybersecurity best practices. This role involves performing self-assessments, control testing, issue lifecycle management, and supporting the GRC program to strengthen the organization's risk posture.
This role is hybrid, requiring in-office presence three days a week in Santa Ana, CA.
What You'll Do
Assist with security assurance activities, including control design evaluations, walkthroughs, and control effectiveness testing aligned with regulatory and framework requirements (e.g., NIST CSF, ISO 27001, SOX, SOC2, FFIEC CAT).
Perform testing of security controls, coordinating with internal audit, external assessors, and business stakeholders.
Analyze control activities to reduce risk, add value, and mature the control environment.
Conduct Information Security risk assessments, including risk identification, evaluation, and prioritization.
Collaborate with business units and technology teams to assess cybersecurity threats.
Support issue lifecycle management, including issue identification, root cause analysis, remediation, tracking, validation, and closure.
Provide expertise and guidance on Information Security policies and standards.
Leverage GRC tools (e.g., Archer, ServiceNow GRC, LogicGate) to automate workflows and improve reporting.
Maintain data within systems that track issues, engagements, and metrics communicated across the organization.
Support KPI/KRI development to facilitate risk prioritization and reporting to senior leadership.
Assist in developing, maintaining, and implementing GRC tools and processes to streamline activities.
Develop and maintain GRC program documentation.
Stay current on emerging threats, industry trends, and regulatory changes, proactively adjusting strategies.
Provide excellent customer service in support of program activities.
Interface regularly with executives to resolve critical issues and foster professional relationships.
Ensure timely, high-quality, and consistent delivery of products and services.
Perform duties outside normal hours as needed based on business requirements.
What You'll Bring
Knowledge and Skills/Technology Used
BA/BS degree in Computer Information Systems, Computer Science, or equivalent experience; security-related education preferred.
5+ years of experience in technology and Information Security GRC.
Certifications such as CISM, CRISC, CISSP, or CGEIT are preferred.
Strong knowledge of Information Security and risk management frameworks (NIST, ISO, COBIT, CIS).
Familiarity with GRC platforms and data analytics tools.
Experience managing multiple initiatives with strong organization and prioritization skills.
High attention to detail in managing, analyzing, and finalizing artifacts and documents.
Excellent oral and written communication skills; strong presentation skills.
Adaptability to changing priorities and requirements.
Team player with positive energy and customer service skills.
Self-motivated, demonstrating initiative and accountability.
Salary Range: $95,350.00 - $127,125.00
This range is an estimate of the base pay at the time of posting. Actual pay depends on factors like knowledge, skills, experience, business needs, and location.
Note for candidates in Los Angeles County unincorporated areas:
First American considers all qualified applicants, including those with arrest or conviction records, consistent with applicable laws. A criminal history review may be conducted after a conditional offer, especially if the history could impact duties involving confidential information, financial transactions, or customer requirements.
What We Offer
Our People First Culture celebrates diversity, equity, and inclusion as key to our success. We foster an authentic and inclusive workplace for all. You are encouraged to bring your full, unique self to work. First American is an equal opportunity employer. Depending on eligibility, we offer a comprehensive benefits package including medical, dental, vision, 401k, PTO, and other benefits like an employee stock purchase plan.