What are the responsibilities and job description for the GRC Analyst position at Hayward Holdings, Inc.?
Hayward Holdings Inc. (NYSE "HAYW") is the largest manufacturer of residential swimming pool equipment in the world, with a significant presence in the commercial pool market that is continuously growing. Hayward designs, manufactures, and markets a full line of residential and commercial pool and spa equipment including pumps, filters, heating, cleaners, salt chlorinators, automation, lighting, safety, flow control and energy solutions at our company-owned facilities. Headquartered in Charlotte, North Carolina, Hayward also has facilities in Tennessee, Arizona, and Rhode Island as well as Canada, Spain, France, Australia, and China.
Governance, Risk, and Compliance (GRC) Analyst – SOX & Data Security Focus
Location: Clemmons, NC
Job Type: Full-time
Department: Information Security / Risk & Compliance
Reports To: Director, Global Information Security
Job Summary
The GRC Analyst – SOX & Data Security Focus plays a critical role in ensuring the effectiveness of internal controls over financial reporting (ICFR) and protecting sensitive financial and regulated data. This role supports Sarbanes-Oxley (SOX) compliance, audit readiness, and risk management by partnering with Finance, IT, and internal and external auditors. The analyst administers Varonis to classify, monitor, and protect critical and sensitive data, ensuring evidence quality, least-privilege access, and reduced operational risk.
Key Responsibilities
SOX Compliance & Internal Controls
- Support the design, documentation, and operation of IT General Controls (ITGCs).
- Execute and evidence SOX controls related to logical access and data integrity.
- Perform control testing, track deficiencies, and manage remediation.
- Serve as liaison with Internal Audit and external auditors.
- Other duties as assigned in support of the GRC function.
- Administer Varonis to classify and protect critical and sensitive data.
- Monitor access and detect excessive privileges and control violations.
- Produce audit-ready evidence and reports from Varonis.
- Perform SOX user access reviews for financial systems.
- Validate provisioning, modification, and termination controls.
- Support enhancement of the SailPoint environment to enable access management.
- Bachelor’s degree in Accounting, Information Systems, Cybersecurity, or related field.
- 3–6 years of SOX-focused GRC or audit experience.
- Hands-on experience managing Varonis in SOX environments.
- Strong understanding of ITGCs, ICFR, and audit evidence standards.