What are the responsibilities and job description for the Sr. IT GRC Analyst - Compliance position at Paycom?
The IT Governance, Risk, and Compliance (GRC) team functions include maintaining and auditing information security controls to ensure conformance or compliance with applicable standards and local laws and regulations; enterprise-wide IT security awareness programming; monitoring compliance with security policy and applicable law. Participate in risk assessments, third party risk reviews, and assisting with audit/compliance activities. Work with groups in IT, development, and other business units to document audit requirements and implement relevant controls.
Responsibilities
Responsibilities
- Perform and peer review security risk assessments for business and technology initiatives such as new vendors, critical vendors, and supporting software by reviewing security questionnaire responses, utilizing web app scanning technology and open-source software scanning technology, reviewing security compliance reports such as ISO27001, SOC 2, CSA, SIG, and more.
- Provide security recommendations to system and technology owners.
- Develop and coordinate security awareness programming,
- Facilitate and recommend updates to IT controls, procedures, and policies.
- Assess compliance with policies and procedures related to Information Security and regulatory compliance.
- Supervise and engage in IT SOX, ISO 27001, SOC 1, SOC 2, PCI-DSS, FFIEC, PIPEDA, GDPR and other compliance activities.
- Define, communicate, and ensure inclusion of data-related business requirements in operational planning and prioritization.
- Manage an enterprise-wide data governance framework, with a focus on improvement of data quality, lineage and the protection of sensitive data through modifications to organization behavior, policies, standards and processes.
- Lead risk assessments for projects.
- Engage in process review and improvement, document as required.
- Perform additional duties and assignments as requested.