Senior GRC Analyst (remote)

Virtual, USA

  • ID:2024-3419
  • Category: Engineering

Overview

Frontdoor is reimagining how homeowners maintain and repair their most valuable asset – their home. As the parent company of two leading brands, we bring over 50 years of experience in providing our members with comprehensive options to protect their homes from costly and unexpected breakdowns through our extensive network of pre-qualified professional contractors. American Home Shield, the category leader in home service plans with approximately two million members, gives homeowners budget protection and convenience, covering up to 23 essential home systems and appliances. Frontdoor is a cutting edge, one-stop app for home repair and maintenance. Enabled by our Streem technology, the app empowers homeowners by connecting them in real time through video chat with pre-qualified experts to diagnose and solve their problems. The Frontdoor app also offers homeowners a range of other benefits including DIY tips, discounts and more. For more information about American Home Shield and Frontdoor, please visit frontdoorhome.com .

Responsibilities

  • Security & Compliance: Lead efforts in the evaluation of existing architecture and processes to identify design and operating effectiveness gaps or process improvements, implement and manage security controls, promote security awareness and training, execute regular security assessments to identify risk related to technology, security and/or privacy.

  • IT Risk Management: Responsible for the continuous assessments and documentation of the Company’s compliance status and risk posture to assist in protection of assets, decision-making and operational efficiency.

  • IT Policy Management: Serve as a SME in the creation, implementation, and revision of IT policies within the Company based on legislative and regulatory requirements, emerging threats and process maturation.

  • Third-Party Risk Management: Facilitate third-party risk due diligence activities and evaluations for identifying, assessing, mitigating and managing risks related to vendors and service providers.

  • Regulatory Compliance: Lead efforts in the design, implementation, training and maintenance of a common controls framework for continuous testing and monitoring of all information security controls. Lead information security compliance activities related to PCI-DSS, SOC2, and SOX.

  • Data Security & Privacy: Assist in the design, implementation, training, and standardization of security controls for the processing, storage, and transmission of sensitive and PII data.

  • Disaster Recovery: Participate in disaster recovery (DR) design, planning, implementation and testing activities for critical assets and processes.

  • Security Awareness :Develop and execute annual and continuous cybersecurity awareness trainings, plan and execute on internal cybersecurity awareness events and sessions on trending content, and help to enhance security awareness culture.

  • Cyber Risk Management : Work closely with InfoSec team members to identify, manage and monitor risks and their associated remediation activities related to incidents, vulnerabilities, patching anomalies, penetration testing deficiencies, phishing campaigns, security architecture review exceptions and security posture ratings.

Qualifications

  • 10+ years of practical experience in the design, build, test and deployment of Governance, Risk and Compliance (GRC) frameworks and related programs.

  • Technical ability to develop robust automated GRC processes to minimize manual work and gain efficiencies.

  • SME and experience conducting audits or security assessments related to GITC SOX, COBIT, ITIL, ISO, NIST, PCI-DSS, SOC2 and Data Privacy Laws.

  • Experienced in the creation and maintenance of documented security policies, standards, and guidance.

  • Familiarity with the NIST or ISO cybersecurity and risk frameworks and their components

  • Proficient in standard assessment tools and cyber risk management frameworks.

  • Ability to effectively problem-solve, negotiate, communicate with and influence cross-functional stakeholders, make decisions related to risk management activities, and develop reporting metrics.

  • Functional knowledge of key security domains: security and risk management, asset security, security architecture and engineering, network security, identity and access management, security operations and software development security.

  • Effective written and verbal communication skills, especially translating between business and technical terminology.

  • Ability to communicate with stakeholders to effectively convey technical and process improvements.

  • Ability to communicate to the process owners any pending risks, and control deficiencies and monitor remediations

  • Critical thinking and analytical skills to synthesize information, perform root-cause analysis, and provide practical recommendations to management to address the gap or weakness.

  • Commitment to stay current with emerging security and privacy trends.

  • Strong attention to detail, project management and organizational skills.

  • Self-starter with ability to effectively manage workloads across multiple stakeholders and time zones.

  • Ability to work with a sense of urgency and quickly shift priorities, projects and timelines as needed.

Preferred Qualifications:

  • CISA, CISSP, CISM, CRISC, CDPSE or other security training/certifications.

  • Hands on experience or proficiency in GRC and security tools.

  • Knowledge Cloud Computing, Mobile Apps, and End User Computing security best practices.

Other/State Specific

This role pays between $ 105k to $ 152k , and your actual base pay will depend on your skills, qualifications, responsibilities, experience, and location.

At Frontdoor certain roles are eligible for additional rewards and incentives. Speak directly to your recruiter to learn more.

Our approach to benefits is holistic, and includes health, wellbeing and financial components including: insurance for medical/pharmacy, dental, vision, life, and disability, weight loss and smoking cessation programs, matching 401(k) and ability to participate in our employee stock purchase plan.

Need help finding the right job?

We can recommend jobs specifically for you!

Job Locations US

ID 2024-3419

Category Engineering

Type Full Time

Company AHS American Home Shield Corp

Apply Now opens a new window

Frontdoor is a company that’s obsessed with taking the hassle out of owning a home. With services powered by people and enabled by technology, it is the parent company of four home service plan brands: American Home Shield, HSA, Landmark and OneGuard, as well as AHS Proconnect , an on-demand membership service for home repairs and maintenance, and Streem, a technology company that enables businesses to serve customers through an enhanced augmented reality, computer vision and machine learning platform. Frontdoor serves more than two million customers across the U.S. through a network of more than 16,000 pre-qualified contractor firms that employ over 45,000 technicians. The company’s customizable home service plans help customers protect and maintain their homes from costly and unexpected breakdowns of essential home systems and appliances. With nearly 50 years of experience, the company responds to over four million service requests annually (or one request every eight seconds). For more details, visit frontdoorhome.com.