Governance Risk & Compliance Analyst III jobs in United States

Robert Half · 7 hours ago

Governance Risk & Compliance Analyst III

Robert Half, one of FORTUNE’s World’s Most Admired Companies, is hiring for a Governance Risk & Compliance Analyst III to join the Information Security Services team. The role involves ensuring the maturity and growth of information risk management, compliance, and policy lifecycle while advising management on critical security issues and managing global compliance efforts.

Consulting, Human Resources, Recruiting, Security

Responsibilities

Ensure the continued adoption, maturity, and growth of the following functional areas through adequate planning and sustained execution of required activities: Information Risk Management, Audit Lifecycle, Policy Lifecycle, Compliance
Responsible for planning, design, enforcement and audit of security policies and procedures which safeguard access to and integrity of RH's global enterprise systems, files, and data elements
Maintain knowledge of changing global regulations, guidance and best practices that would result in recommended policy revisions subject to approval
Identify and advise RH management of critical issues that may affect customer or corporate security objectives
Assist in managing global policies and legal, regulatory, and contractual annual certification and compliance efforts (ISO 27001, SOX, SOC 2, HIPAA, PCI DSS, etc.)
Act as security risk advisor leveraging industry experience and skills to meet global regulation timelines aligned to business demands
Facilitate both internal and external audit teams to identify and report on the effectiveness of implemented information protection controls to determine the overall security posture of RH
Maintain security requirements documentation
Contribute to and advocate for the ongoing GRC Risk Management program for RH, which includes facilitating risk decisions from stakeholders, tracking risk remediation efforts, developing risk management metrics, and responding to security RFI questionnaires
Evaluate business-related controls for integrating business and information system security and risk mitigation efforts. Develop and implement tools to support automated risk management and compliance efforts
Work closely with our domestic and international business stakeholders, business and IT management, internal audit, and legal counsel to understand business requirements related to security and regulatory compliance, and to map those requirements to current security and project requirements with intermediate to complex level needs
Ensure that new projects and existing application and system implementations comply with applicable compliance frameworks and RH’s information security requirements
Act as the liaison between the Enterprise Information Security supporting ATI, ESS, ITSS, Protiviti CIO, CTO, and the Business for any security IT risk and ensure timely resolution of intermediate to complex issues and initiatives
Provide guidance to functional teams with the implementation, monitoring, and reporting of security control processes, documentation, and compliance measures
Advance relationships with developers and engineers; leverage influencing skills to help accelerate the continuous integration of security tools and best practices into our software development lifecycle (SDLC) across all business verticals
Experience with GRC Tools, automation and integration with other applications that are sources of evidence
Promote and manage the communication of best practices for enhanced collaboration among Enterprise Information Security and our large, varied internal development communities
Identify opportunities for security posture improvement and closely partner with the larger EIS organization and provide advice on a broad range of security strategies
Contribute to and maintain the efficiency, effectiveness and innovation of the program, as well as tracking results
Actively represent and show presence in the organization as a thought leader and program driver for security awareness and providing useful and meaningful metrics on security effectiveness/exposures
Work with other corporate compliance personnel and the representatives from IT to identify Information Security Policies that require intermediate to complex level creation/updates and also process exceptions requested for existing policies. Support Policy awareness and monitoring activities for sustaining adequate compliance

Qualification

Information Risk Management, GRC Methodologies, Regulatory Compliance, Information Security Policy, Cloud Technologies, Risk Analytic Tools, Application Security, Professional Certifications, Analytical Skills, Communication Skills, Teamwork Skills, Project Management, Problem-Solving Skills

Required

Bachelor's Degree (B.A.) or equivalent combination of education and experience in Information Risk Management, Engineering, Management Information Systems or related curriculum
5+ years' professional work experience, including 4+ years of working knowledge of the information risk management lifecycle, concepts, regulatory compliance activities (e.g. SOX, HIPAA, PCI), information security, and application of those in multiple IT environments required
Basic understanding of systems development life cycle methodologies required
Strong working knowledge of GRC methodologies, risk analytic tools and development of information risk metrics required
Strong working knowledge of executing activities related to Information Security Policy Lifecycle required
Working knowledge of reviewing and responding to prospects' and existing clients' security and compliance questions in RFIs required
Working knowledge of Application Security, Infrastructure security, audit, and control methods
Strong capabilities in gap analysis, review and validation of relevant security and regulatory requirements
One or more professional certifications (CISA, CISM, (ISC)2 CISSP, and/or ISO 27001)
Experience working with cloud-based technologies such as AWS or Azure
Excellent communication, teamwork, and client service skills
Demonstrates integrity within a professional environment
Strong working experience interacting with external auditors, management, and internal resources to discuss and address security concerns
Self-learner with the ability to work in an agile and cross-functional environment
Excellent presentation skills
Project management skills
Results-oriented person who can achieve tangible improvements in the corporate security arena
Strong multi-tasking and analytical/troubleshooting skills
Aptitude to prioritize and load-balance sensitive projects concurrently
Strong organizational, time management, decision making, and problem-solving skills

Benefits

Group health insurance benefits (medical, vision, dental)
FSA and HSA healthcare accounts
Life and accident insurance
Adoption and fertility assistance
Paid parental leave of up to 6 weeks
Short/long term disability
Paid time off for vacation, personal needs, and sick time
Up to 17 days of CTO per calendar year
Up to 11 paid holidays per calendar year
401(k) savings and investment plan or deferred compensation plan (if eligible), with an employer match of 100% on the first 3% of your contributions for eligible employees

Company

Robert Half

🔒 At Robert Half, we prioritize your security—if you believe you've encountered a scam or fraudulent recruiter, please report it immediately to https://www.roberthalf.com/us/en/fraud-alert.

Funding

Current Stage: Public Company
Total Funding: unknown
IPO: 1978-01-13

Leadership Team

Keith Waddell, President and CEO
Paul Gentzkow, President and Chief Executive Officer, Talent Solutions
Company data provided by crunchbase