Paycom
Sr. IT GRC Analyst – Risk
Paycom
IT Governance, Risk, and Compliance (GRC) responsibilities include maintaining and auditing information security controls to ensure conformance with applicable standards, laws and regulations; implementing enterprise‑wide IT security awareness programming; and monitoring compliance with security policy and applicable law. The role participates in risk assessments, third‑party risk reviews, and audit/compliance activities. Collaborates with IT, development, and other business units to document audit requirements and implement relevant controls.
Responsibilities
Perform and peer review security risk assessments for business and technology initiatives such as new or critical vendors and supporting software, reviewing questionnaire responses, web app scanning technology, open‑source scanning, and security compliance reports such as ISO 27001, SOC 2, CSA, SIG, and others.
Provide security recommendations to system and technology owners.
Develop and coordinate security awareness programming.
Facilitate and recommend updates to IT controls, procedures, and policies.
Assess compliance with policies and procedures related to Information Security and regulatory compliance.
Supervise and engage in IT SOX, ISO 27001, SOC 1, SOC 2, PCI‑DSS, FFIEC, PIPEDA, GDPR and other compliance activities.
Define, communicate, and ensure inclusion of data‑related business requirements in operational planning and prioritization.
Manage an enterprise‑wide data governance framework, focusing on improvement of data quality, lineage, and protection of sensitive data through modifications to organization behavior, policies, standards, and processes.
Lead risk assessments for projects.
Engage in process review and improvement, documenting as required.
Perform additional duties and assignments as requested.
Seniority Level Mid‑Senior level
Employment Type Full‑time
Job Function Information Technology
Industries Software Development
Location Oklahoma City, OK
#J-18808-Ljbffr
IT Governance, Risk, and Compliance (GRC) responsibilities include maintaining and auditing information security controls to ensure conformance with applicable standards, laws and regulations; implementing enterprise‑wide IT security awareness programming; and monitoring compliance with security policy and applicable law. The role participates in risk assessments, third‑party risk reviews, and audit/compliance activities. Collaborates with IT, development, and other business units to document audit requirements and implement relevant controls.
Responsibilities
Perform and peer review security risk assessments for business and technology initiatives such as new or critical vendors and supporting software, reviewing questionnaire responses, web app scanning technology, open‑source scanning, and security compliance reports such as ISO 27001, SOC 2, CSA, SIG, and others.
Provide security recommendations to system and technology owners.
Develop and coordinate security awareness programming.
Facilitate and recommend updates to IT controls, procedures, and policies.
Assess compliance with policies and procedures related to Information Security and regulatory compliance.
Supervise and engage in IT SOX, ISO 27001, SOC 1, SOC 2, PCI‑DSS, FFIEC, PIPEDA, GDPR and other compliance activities.
Define, communicate, and ensure inclusion of data‑related business requirements in operational planning and prioritization.
Manage an enterprise‑wide data governance framework, focusing on improvement of data quality, lineage, and protection of sensitive data through modifications to organization behavior, policies, standards, and processes.
Lead risk assessments for projects.
Engage in process review and improvement, documenting as required.
Perform additional duties and assignments as requested.
Seniority Level Mid‑Senior level
Employment Type Full‑time
Job Function Information Technology
Industries Software Development
Location Oklahoma City, OK
#J-18808-Ljbffr