Security Analyst - GRC

Help empower our global customers to connect to culture through their passions.

Security Analyst - GRC Job Description

About the role

This hands-on Security Analyst - GRC position will be part of StockX's Information Security Technical Risk Management team, providing oversight, coordination, and delivering the activities supporting successful risk management activities including third parties for StockX. Members of this team work with several stakeholders to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet StockX security requirements and mitigate any associated risks. 

What you’ll do

• Lead risk/security assessments of suppliers and third-party relationships to identify, validate and remediate cybersecurity risks. 
• Perform interviews, document design assessments and walkthroughs of cybersecurity controls.
• Support ongoing monitoring of suppliers and third-party to review compliance against compliance and regulatory requirements.
• Assist in managing technical risk register.
• Assist with performing quantitative and qualitative analysis for IT processes to produce Key Risk indicators
• Develop trusted relationships with stakeholders and other team members to gain consensus approvals on strategies, recommendations, findings and project plans etc.
• Remain current with emerging risks as well as solution trends in the marketplace.
• Possess an understanding of emerging technologies including but not limited to mobile and cloud technology.
• Contribute towards process improvement of team processes, templates, and tools.

About you

• Experience with legal and regulatory compliance standards such as SOC, SOX, GDPR, etc.
• Knowledge of risk management, risks and controls concepts, principles of ERM and GRC concepts, information security and/or data privacy (e.g ISO27001, NIST)
• Familiarity with NIST Cybersecurity Framework.
• Strong understanding of fundamental information security concepts and technology.
• Experience with IT GRC/IRM platforms is a plus.
• Experience with IT governance, risk, and compliance management in a large global environment.
• Excellent written and oral communication skills.
• Strong work ethic with attention to detail.
• Ability to excel in a fast-paced and rapidly changing environment
• 5-7 years of experience with a bachelor's degree in Information Security or equivalent
• CISSP, CISM, or similar preferred

About Us StockX is the premier current culture platform for buying and selling authentic, new, sought-after products. Our powerful marketplace connects buyers and sellers for sneakers, apparel, accessories, electronics, collectibles and trading cards around the world. We provide millions of global customers with unprecedented access and market visibility powered by real-time data, allowing them to transact based on true market value. Launched in 2016 in Detroit, Michigan, StockX now employs more than 1,500 people in offices and authentication centers in 11 countries.     We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. This job description is intended to convey information essential to understanding the scope of the job and the general nature and level of work performed by job holders within this job. However, this job description is not intended to be an exhaustive list of qualifications, skills, efforts, duties, responsibilities or working conditions associated with the position. StockX reserves the right to amend this job description at any time.