Analyst, Security

The Role:

The DailyPay Security Analyst is responsible for supporting the development, implementation, and management of the company’s governance, risk, and compliance programs. This role involves assessing risks, ensuring compliance with regulations and standards, and developing policies and procedures to protect the organization's information assets. The ideal candidate will have a strong understanding of regulatory requirements, risk management practices, and information security principles.

If this opportunity excites you, we encourage you to apply even if you do not meet all of the qualifications.

How You Will Make an Impact:

• Risk Management and Governance
  • Assist in the development and maintenance of security policies, standards, and procedures
  • Support the creation and management of governance frameworks to ensure security and compliance
  • Monitor and report on the effectiveness of security policies and procedures
  • Conduct risk assessments and identify potential security risks
  • Develop risk mitigation strategies and monitor their implementation
  • Maintain the risk register and ensure risks are regularly reviewed and updated
• Compliance
  • Ensure compliance with relevant regulations and standards (e.g., GDPR, SOX, PCI-DSS, SOC 2, ISO 27001)
  • Support internal and external audits by gathering evidence and documentation
  • Monitor changes in regulatory requirements and update compliance programs accordingly
• Security Awareness and Training
  • Develop and deliver security awareness training programs for employees
  • Promote a culture of security awareness throughout the organization
  • Ensure employees understand and adhere to security policies and procedures
• Incident Response
  • Assist in the development and maintenance of incident response plans
  • Participate in incident response activities, including investigation and documentation
  • Analyze incidents to identify root causes and recommend corrective actions
• Vendor Management
  • Assess and manage third-party vendors for compliance with security and privacy requirements
  • Conduct vendor risk assessments and ensure appropriate security measures are in place
  • Maintain records of vendor assessments and ensure they are regularly reviewed
• Documentation and Reporting
  • Develop IT General Control procedures
  • Maintain comprehensive documentation of all GRC activities
  • Prepare reports and presentations for management on GRC activities, findings, and metrics
  • Track and report on compliance and risk management initiatives.

What You Bring to The Team:

• Bachelor’s degree in Information Security, Computer Science, Business, or a related field
• Relevant certifications (e.g., CISA, CRISC, CISSP, CISM) are highly desirable
• 2+ years of experience in governance, risk, and compliance, information security, or a related field
• Experience with regulatory requirements and industry standards (e.g., GDPR, SOX, PCI-DSS, SOC 2, ISO 27001)
• Strong understanding of GRC concepts and best practices
• Knowledge of risk management methodologies and frameworks
• Proficiency in using GRC tools and software
• Familiarity with security standards and regulations
• Excellent analytical and problem-solving skills
• Strong communication and interpersonal skills
• Proactive in identifying risks and developing mitigation strategies

What We Offer:

• Exceptional health, vision, and dental care
• Opportunity for equity ownership
• Life and AD&D, short- and long-term disability
• Employee Assistance Program
• Employee Resource Groups
• Fun company outings and events
• Unlimited PTO
• 401K with company match