PulteGroup
Overview
GRC Analyst role at PulteGroup. The GRC Analyst maintains and contributes to the design of the company’s cybersecurity Governance, Risk, and Compliance program (GRC). Helps assess technology-related risks and ensures compliance with relevant regulations, policies, standards, and controls to protect the organization’s information assets. Provides guidance to less experienced GRC Analysts and leads process improvement within the Information Security team.
Key Responsibilities
Policies/Standards/Controls: Develops and maintains cybersecurity policies, standards, and guidelines. Implements and monitors compliance with cybersecurity control framework. Ensures policies are up-to-date and align with industry best practices, regulatory requirements, and cyber frameworks. Communicates policies to relevant stakeholders.
Security Awareness: Independently develops security awareness training programs and materials. Plans and executes cybersecurity awareness events and campaigns. Develops, organizes, and delivers training sessions to employees on security policies and best practices. Monitors and reports on the effectiveness of security awareness initiatives.
Cyber Risk Management: Collects, analyzes, and presents cybersecurity program performance metrics and KRIs. Conducts regular assessments of cyber risks within applications, platforms, and processes. Identifies risks and develops mitigation strategies and risk management plans. Manages third-party risk by assessing the security posture of external vendors and partners and implementing risk mitigation measures to foster secure third-party relationships.
PCI, SOX, and Privacy Compliance: Ensures appropriate design and operating effectiveness of regulatory and PCI-DSS controls. Manages privacy-related data subject access requests. Monitors compliance and reports effectiveness. Performs periodic gap assessments to validate compliance. Monitors regulatory environment and performs impact assessments. Partners with auditors and manages action plans in response to audit findings.
Performs other duties as assigned.
Qualifications & Skills
Knowledge & Experience: Requires practical knowledge of the area typically obtained through advanced education combined with experience. Minimum high school diploma or equivalent (GED). Typically requires a university degree or equivalent experience and minimum 2-4 years of prior relevant experience.
Required Skills: Depth of knowledge with cybersecurity control frameworks (NIST CSF preferred); working knowledge of cybersecurity policy lifecycle, standards, and guidelines; experience with PCI-DSS and SOX; working knowledge of data governance and privacy regulations; experience with security awareness techniques and processes in an enterprise environment; exceptional written and verbal communication skills adaptable to relevant audiences; analytical and problem-solving abilities.
Licensing/Certifications: Not applicable.
Physical Requirements: May require travel.
Employment Details
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Business Development and Sales
Industries: Construction
Important Notices
PulteGroup, Inc. and its affiliates do not accept unsolicited resumes from individual recruiters or third-party recruiting agencies. If unsolicited resumes are submitted without a valid written agreement, they will be deemed the property of PulteGroup and its affiliates. We are an equal opportunity employer; qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. Reasonable accommodations are provided to qualified applicants with disabilities. This organization participates in E-Verify. California Privacy Policy applies.