Senior Governance, Risk, and Compliance Analyst

Job Description

Cardinal, a Visa solution, is a global leader in authenticating digital transactions. We work every day to make the digital shopping experience safe, rewarding, and engaging. We’re a global leader not only because of what we do, but because of who we are. Our team represents the best of the best. We work in a way that suits our people, their lifestyles, work styles, and individuality. We work hard as a team to collectively meet - and exceed – goals and consider each other family. We are one of the leading fintech companies in Northeast OH with teams locally and around the world working remotely. We are proud of what we do and how we do it.

When you work with us, you get the best of two worlds. Cardinal is a small company, with a welcoming, family-like atmosphere. But as a Visa solution, we offer the world-class resources and benefits of a global company. As companies with a worldwide customer base, both Cardinal and Visa realize the benefits of having a diverse employee base, both for our products and customer service. We believe in promoting a diverse and inclusive workplace. Our employees come with different backgrounds and experiences, resulting in many different approaches that are part of our success. We are committed to empowering each and every one of our over 250 (and growing) employees. We show respect to others and believe in fair and equal treatment. We are dedicated to continuous improvement in all that we do. We use Lean and Agile principles and rituals as the framework for achieving that improvement. To achieve these goals, we need accomplished and ambitious people - people that recognize the value that comes with the varying perspectives, and the cultural awareness that comes with our diversity. What we are looking for could be someone just like you.

Cybersecurity is at the beating heart of our culture. Our diligence and expertise is what makes us the undisputed leader in electronic payments. We’ve made it our priority to create a top-tier Security Architecture team, poised to defend us against any potential cyber threats. We’re looking for those of you who are inherently driven and fascinated by the art and science of cyber defense. We’ll arm you with the very best tools and tech so that you can deliver top notch results.

As part of the Security team at Cardinal, the Senior Governance, Risk, and Compliance (GRC) Analyst is responsible for supporting the day-to-day IT compliance, data governance, and IT risk management functions. The role involves primary responsibility for administering client, partner, and third-party security engagements, including preparation, collecting responses, and providing artifacts. The Senior GRC Analyst will lead Cardinal's GRC processes and procedures, drive efficiency and accuracy of GRC deliverables, and guide other Analysts on the team.

What You'll Do:

• Facilitate security and compliance assessments from scoping through remediation.
• Assist sales and support groups in the completion of customer and partner assessments and audits.
• Assemble assessment artifacts. Collaborate with Cardinal staff in gathering responses, tracking activities, working with external parties to define IT security standards, and develop supporting organizational procedures.
• Assist business units, ensuring IT and business controls are adequate, appropriate, and effective.
• Assist with periodic gap and self-assessments to validate compliance.
• Track and report user access control reviews including schedule, compliance, risks, and control failures.
• Manage efforts to track and monitor overall GRC activities, risks, compensating controls, and control failures.
• Lead development and maintenance of GRC processes and procedures.
• Lead high-profile external audits and assessments, including the annual PCI audit.
• Continuing education of Cardinal staff on their responsibilities to GRC compliance within the organization.
• Lead Cybersecurity team awareness program.
• Facilitate the promotion of a compliance culture that encourages an "open door" policy for staff to seek clarification on security or compliance matters.
• Stay current and informed on developing regulatory concerns and changing IT and information security trends.
• Continuous improvement of GRC processes and procedures.
• Other duties as assigned.

What We Need You to Have:

• 5+ years of work experience in information security and/or IT risk management with a focus on compliance.
• Minimum of a Bachelor's degree in computer science, information technology, or a related field.
  • In lieu of a Bachelor's degree, a high school diploma or equivalent, and an additional 2 years of hands-on work experience with appropriate industry certifications, will be considered.
• Any combination of the following certifications is required: PCIP, CISSP, CISA, CISM, Security+, CySA+, or similar industry-recognized certifications.
• Hands-on experience with legal and regulatory compliance standards and activities such as PCI 3DS, PCI DSS, SOC 1/2, HIPAA, and CaCPA.
• Experience leading or supporting the entire lifecycle of an external assessment or audit, including but not limited to PCI DSS audit.

What We'd Love for you to Have:

• Atlassian Confluence and Jira experience.
• Knowledge of administrative, physical, and technical controls that could be built around networks, systems, and applications to secure them.
• User-level experience with IT GRC/IRM platforms (Oracle, RSA Archer, MetricStream, etc.).
• Experience with security technologies including, but not limited to, security policies and standards, policy enforcement, and patch/configuration management.
• Demonstrated ability to understand and assess risk, technical and organizational controls, and tradeoffs and implications with business productivity and operations.

Physical Requirements:

This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers, and reach with hands and arms. Cardinal/Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Cardinal/Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

Location:

This role is eligible for remote work from anywhere in the US, or could be based out of our headquarters in Cleveland, OH.