Job Description

As a GRC Cyber Analyst at Namely, you will be responsible for driving the security regulatory compliance of Namely's operations and platform that over 1,000 companies use to manage their employees and payroll. In this role you will drive the general function of security governance, risk, and compliance within the organization, including internal and external audits, security assessments, and control assessments, with a specific focus on managing security frameworks and legislation. You will interpret both internal and regulatory/framework changes, identifying impacts to systems, projects, and to Namely operations overall. You will maintain and communicate Namely information security policies and procedures, and be a champion for risk management and compliance company-wide. You will work in an open and collaborative environment and interface with individuals across all functions and levels of the organization to drive results.

Responsibilities:

• Maintain a strong knowledge of regulatory and framework requirements, standards, and their relationship to applicable systems, with a specific focus on SSAE18.
• Analyze current Namely standards and procedures to measure compliance with regulatory/framework requirements.
• Evaluate and ensure the proper level of documentation for policies, procedures, standards, and operational tracking throughout the organization to meet regulatory and framework requirements.
• Plan and guide projects to achieve and maintain compliance with relevant security frameworks and standards, while leading the planning and execution of assessments, audits, and exams.
• Complete and manage library of client security questionnaires.
• Perform organization risk assessments, to include vendor risk assessments, and ensure risk mitigating controls are implemented and operating effectively in areas that impact security and its ability to effectively comply with regulatory and exam frameworks.
• Consult on the development or modification of software, networks, hardware, and operations to maintain continual regulatory or framework compliance.
• Work closely with individuals at all levels of the organization and facilitate the implementation of corrective action as needed.

Requirements:

• Experience working within a GRC, internal technology audit, information security, or risk management function.
• Experience with industry-based information security & control frameworks (e.g. NIST Cyber Security Framework, ISO 2700x, SOC I & II (SSAE18), PCI DSS, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.).
• Compliance experience with regulations and regulatory bodies like HIPAA, NY State Department of Financial Services (NY 23 CRR 500), and GDPR
• Attention to detail and experience with security practices and tooling.
• Excellent ability to communicate complex ideas to diverse audiences (written and oral), particularly in understanding and communicating technical issues to non-technical teams.
• Experience working across functional teams to drive projects and tasks to completion.
• Excellent ability to multitask and prioritize effectively with minimal supervision

Nice to Have:

• Experience working with and/or auditing against modern cloud Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) technologies
• Audit or technical security certifications: SANS GIAC (GSNA), ISACA (CISA), EC-Council, ISC2 (CISSP), OSCP etc.
• Previous work experience at a startup or in the HR/Financial space

About Namely

Namely is the first HR, payroll, and benefits platform employees actually love to use. People are at the center of everything we do—from our platform to our staff. Why join us? We believe every company and every employee deserves a great workplace, supported by HR technology they use and love. Most importantly, we believe in giving you the tools you need to do the best work of your career.

We invite you to fill out the EEO survey below as part of our ongoing diversity initiatives at Namely. Your participation in the survey is completely optional and voluntary, and none of the information you provide will be considered in the hiring process or with respect to any employment decision made by Namely. Namely will have access only to anonymized data submitted through these surveys.