Sr. Governance, Risk, and Compliance Analyst
Jazwares Careers
The Sr. Governance, Risk and Compliance (GRC) Analyst is a key member of our information security team, playing a pivotal role in assessing and prioritizing information, security, and cybersecurity risk across an organization. They are responsible for developing, implementing, and monitoring programs that manage risk, ensure compliance with relevant laws and regulations, and promote ethical conduct. This will involve conducting audits, risk assessments, and developing policies and procedures. The Sr. GRC Analyst will play a key role in educating and training employees on Information Security matters and staying abreast of evolving regulatory landscapes to provide expert guidance to the organization.
What you'll be doing:
IT and Cyber Risk Management
- Develop and maintain a comprehensive risk management framework, including methodologies for risk identification, assessment, analysis, and mitigation.
- Conduct gap analysis of implemented frameworks and standards such as CIS, NIST, ISO 27001.
- Design, implement and/or maintain a common risk assessment framework and risk registers
- Design, implement and maintain a formal Risk Register
- Assist with AI due diligence assessments, both for internal and external offerings.
- Recommend, document and monitor the implementation of risk mitigation activities resulting from risk assessments
- Perform GRC monitoring platform planning, implementation, configuration and operation
- Provide risk management guidance and expertise to projects, peers or external inquires
- Prepare risk reports and present findings to senior management.
Third Party Risk Management
- Lead and enhance the Third Party Risk Management program, that includes
- Perform due diligence assessments on new and existing vendors, evaluating their security controls and compliance posture.
- Utilize and Manage tools, services and systems to support the program
Compliance
- Provide technical leadership and oversight to compliance activities and initiatives
- Manage initiatives associated with regulatory compliance like GDPR, CCPA, SOX, etc
- Assist with tracking and measuring compliance with, and maturity of, Control Frameworks.
- Oversee or participate in external compliance audits
- Perform or oversee compliance audits and reviews
Policies and Procedures
- Revise policies, standards, processes, and guidelines when appropriate.
- Responsible for Security Policy Document Management and exceptions tracking
Security Awareness and Training
- Develop and maintain Jazwares’ Security Awareness Program and strategy
- Conduct or facilitate virtual and in-person cyber awareness activities and trainings
- Create and deliver cyber awareness metric reports to management
- Perform other duties as assigned
Manages People: No
What we look for:
- Bachelor's degree in a relevant field preferred
- 5+ years of experience in governance, risk, and compliance role
- CISA, CRISC, or CISSP certification preferred
Knowledge, Skills, Abilities, and Other Characteristics (KSAO’s)
- Strong understanding of GRC frameworks and methodologies, such as NIST, ISO 27001, and COBIT.
- Experience in conducting risk assessments, audits, and developing GRC policies and procedures.
- Excellent communication, interpersonal, and presentation skills.
- Ability to work independently and as part of a team.
Preferred Qualifications:
- Experience and familiarity with cloud data security and working with public cloud solutions (AWS)
- Experience working with a Governance Risk and Compliance technologies
- Experience in a global organization
- Multi-lingual a plus
Working Conditions:
- Environment: Office
- Extreme Exposures: none
- Schedule: Typically requires regular office hours, but may require calls with global counterparts outside of regular office hours
- Physical Requirements: Lift up to 10 lbs. Must be able to stand, walk, sit, hear, see, frequently
- Travel Required: Yes, some local or national travel may be required occasionally
What we offer:
At Jazwares, we believe in providing our employees with comprehensive and competitive benefits that support their well-being and overall satisfaction.
Base salary may vary based on experience, role tenure, performance, industry, and location. Eligibility for annual performance incentives may apply. Jazwares is a multi-state employer, salary range may not apply to other states.
Our benefits package includes basic medical insurance that is 100% company-paid for employees and their children, employee basic life and AD&D insurance, a 401(K) retirement program with Jazwares matching up to 4% of pretax or post-tax deferrals, short and long-term disability, and tuition reimbursement.
Our work environment provides a flexible work schedule that includes a Monday through Thursday on-site, with an optional WFH on Fridays, up to 20 workdays fully remote each year, and Time Off for vacation, and sick leave. Through Jazwares Cares, you have the opportunity to volunteer for up to 16 hours a year on community service projects.
Working at Jazwares:
At Jazwares, we believe an innovative idea can come from anywhere, and anyone. Through our three pillars, we foster innovation and encourage creativity in every area of our business.
Humility: We recognize the value in others and treat everyone with respect. Our strength lies in our people and talent.
Passion: Our conviction and enthusiasm show in our products, relationships, and commitment to our community.
Collaboration: We share one vision worldwide, constantly striving to improve and innovate together.
Don't miss out on this extraordinary opportunity to be part of the fastest-growing toy company in the industry. Connect with us today and let's shape the future of play together!
JAZWARES is an equal opportunity employer and does not discriminate in employment on the basis of race, color, sex, religion, national or ethnic origin, citizenship status, ancestry, disability, age, military status, marital status, sexual orientation or any other characteristic protected by law.