Governance, Risk and Compliance Security Analyst
Metro-Goldwyn-Mayer Studios Inc
Culver City, CA
This was removed by the employer on 8/30/2022 5:08:00 PM PST
Full Time Job
Governance, Risk and Compliance (GRC) Security Analyst
Metro-Goldwyn-Mayer Studios Inc. ("MGM") is seeking a Governance, Risk, and Compliance (GRC) Analyst to help expand our security organization. The GRC Security Analyst will support the security strategy of the business within new and existing information system capabilities. The position requires an understanding of both legacy systems and new technologies and requirements. The GRC Security Analyst is also responsible for the planning and design of policies, as well as the implementation and maintenance of said policies.
The Team: We're an enthusiastic group of individuals who have a passion for protecting our storytellers, creatives, workforce, content and over 96 years of Hollywood history. We pride ourselves on being innovative and progressive in all areas of information and cybersecurity. Our mission is to build frictionless security to support business enablement. Inclusiveness and empowerment are part of our ethos to elevate our team and the infosec community. Our ideal candidate can find creative ways to solve complex security challenges, is not afraid to try new things, and is willing to share their knowledge and empower others.
Responsibilities:
• Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security.
• Maintain oversight in a GRC-related platform.
• Document, formulate, and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
• Maintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities.
• Analyze findings and document, recommend, and report program gaps to security leadership.
• Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
• Apply GRC expertise across key lines of business, including products, practices, and procedures.
• Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.
• Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes.
• Act as a key participant in incident response to track occurrence and resolution, with strict documentation and reporting.
• Work in tandem with security, audit and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives.
• Liaise with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
• Act as a point of contact for disaster recovery and business continuity as it relates to security frameworks, compliance, and privacy laws.
Basic Qualifications:
• Experience with cloud environments such as Amazon Web Services (AWS), Microsoft Azure or Google Cloud.
• Experience and understanding of various regulatory requirements and laws, such as PCI, SOX, HIPAA, GDPR and GLBA. Additional experience in one or more of the following: ISO 27001/2, ITIL or NIST.
• Working knowledge of technologies such as cloud computing, DevOps and application security is required.
• Familiarity with state, federal and international privacy laws.
• Understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.
Preferred Qualifications:
• 3 years of experience within the cybersecurity and/or audit field with exposure to security frameworks.
• Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.
• Experience with GRC tools such as RSA, ZenGRC, OneTrust GRC.
• Experience with policy writing, implementation, and enforcement.
• Certifications such as CISSP, CISA, and/or CIPP are a plus.
Pursuant to the Los Angeles Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.