Information Security Analyst - GRC

Help empower our global customers to connect to culture through their passions.

Why you’ll love this role

This hands-on Security Analyst - GRC position will be part of StockX's Information Security Technical Risk Management team, leading efforts to document, communicate, and execute the security program. Members of this team work with several stakeholders to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet StockX security requirements, mitigate risks, and ensure compliance. This is a critical IC role on the StockX Information Security team and will work with several stakeholders in Product, Engineering, Operations, Customer Service, Safety & Trust, & IT.

What you’ll do

• Drive and define governance processes/controls
• Lead development of responses to inquiries and evidence requests for anything related to security
• Develop and maintain an in-depth knowledge of our cybersecurity program and practices and the correlation to business outcomes
• Develop a broad understanding around the implementation of the organization’s security controls through end-to-end process analysis
• Build teamwork and synergies among personnel throughout the organization working closely with counterparts within other areas of the business and external firms where applicable
• Develop trusted relationships with stakeholders and other team members to gain consensus approvals on strategies, recommendations, findings and project plans etc.
• Provide support activities that enable and ensure that StockX is ready to meet and demonstrate compliance with security standards, regulatory requirements and contractual obligations.
• Drive large complex cross-team security initiatives.
• Track progress, resolve dependencies, evaluate risks and communicate status to upper management and stakeholders.  Engage and energize program teams to achieve aggressive goals.

About you

• Experience with legal and regulatory compliance standards such as SOC, SOX, GDPR, etc.
• Knowledge of risk management, risks and controls concepts, principles of ERM and GRC concepts, information security and/or data privacy (e.g ISO27001, NIST)
• Familiarity with NIST Cybersecurity Framework.
• Strong understanding of fundamental information security concepts and technology.
• Strong project/program management background
• Experience with IT GRC/IRM platforms is a plus.
• Possess an understanding of emerging technologies including but not limited to mobile and cloud technology.
• Experience with IT governance, risk, and compliance management in a large global environment.
• Excellent written and verbal communication skills.
• Strong work ethic with attention to detail.
• Ability to excel in a fast-paced and rapidly changing environment
• Strong organizational skills
• 5-7 years of experience with a bachelor's degree in Information Security or equivalent or 2-3 years with a master’s degree
• CISSP, CISM, CSM, PMP or similar preferred

Pursuant to the San Francisco Fair Chance Ordinance, Los Angeles Fair Chance Initiative for Hiring Ordinance, and any other state or local hiring regulations, we will consider for employment any qualified applicant, including those with arrest and conviction records, in a manner consistent with the applicable regulation.

Pursuant to the various pay transparency laws/acts, the base salary range is $120,000 to $135,000 plus opportunities for benefits (e.g., medical, dental), equity and discretionary bonuses. Compensation is dependent on geography and may vary.

About Us StockX is the premier current culture platform for buying and selling authentic, new, sought-after products. Our powerful marketplace connects buyers and sellers for sneakers, apparel, accessories, electronics, collectibles and trading cards around the world. We provide millions of global customers with unprecedented access and market visibility powered by real-time data, allowing them to transact based on true market value. Launched in 2016 in Detroit, Michigan, StockX now employs more than 1,500 people in offices and authentication centers in 11 countries.     We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. This job description is intended to convey information essential to understanding the scope of the job and the general nature and level of work performed by job holders within this job. However, this job description is not intended to be an exhaustive list of qualifications, skills, efforts, duties, responsibilities or working conditions associated with the position. StockX reserves the right to amend this job description at any time.