Description
The IT Governance, Risk, and Compliance (GRC) team functions include maintaining and auditing information security controls to ensure conformance or compliance with applicable standards and local laws and regulations; enterprise-wide IT security awareness programming; monitoring compliance with security policy and applicable law. Participate in risk assessments, third party risk reviews, and assisting with audit/compliance activities.
RESPONSIBILITIES
- Perform security risk assessments for business and technology initiatives such as new vendors, critical vendors, and supporting software by reviewing security questionnaire responses, utilizing web app scanning technology and open-source software scanning technology, reviewing security compliance reports such as ISO27001, SOC 2, CSA, SIG, and more.
- Provide IT security due diligence reviews for sales and client functions.
- Assist in coordinating security awareness programming, including IT policy maintenance.
- Review policies and procedures related to Information Security and regulatory compliance.
- Engage in IT SOX, ISO 27001, SOC 1, SOC 2, PCI-DSS, FFIEC, PIPEDA, GDPR and other compliance activities.
- Ensure that data-related business requirements for protecting Paycom's sensitive data are clearly defined, communicated, understood and considered as part of operational planning and prioritization.
- Participate in management of an enterprise-wide data governance framework, with a focus on improvement of data quality, lineage and the protection of sensitive data through modifications to organization behavior, policies, standards and processes.
- Participate in risk assessments for projects.
- Engage in process review and improvement, document as required.
- Perform additional duties and assignments as requested.
Qualifications
Education/Certification:
- Bachelor's Degree required, CS, MIS or related field preferred
- Industry Certification (CISA, CRISC, CISM, CISSP, etc.) preferred
PREFERRED QUALIFICATIONS
Experience:
- 0-3 years of IT audit, or regulatory compliance
Skills/Abilities:
- General knowledge of risks associated with cloud and on-premise technology
- Information security standards such as IT SOX, SOC 1, SOC 2, ISO 27001, PCI-DSS, FFIEC, PIPEDA, GDPR
- Strong analytical and problem-solving skills
- Excellent written and verbal communication skills
- Highly responsive with an ability to handle escalations quickly and professionally
- Excellent written and verbal communication skills
- Strong research skills and willingness to seek information
- Maintain effective working relationships with supervisor and coworkers
Paycom is an equal opportunity employer and prohibits discrimination and harassment of any kind. Paycom makes employment decisions on the basis of business needs, job requirements, individual qualifications and merit. Paycom wants to have the best available people in every job. Therefore, Paycom does not permit its employees to harass, discriminate or retaliate against other employees or applicants because of race, color, religion, sex, sexual orientation, gender identity, pregnancy, national origin, military and veteran status, age, physical or mental disability, genetic characteristic, reproductive health decisions, family or parental status or any other consideration made unlawful by applicable laws. Equal employment opportunity will be extended to all persons in all aspects of the employer-employee relationship. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, training, promotion, discipline, compensation benefits, and separation of employment. The Human Resources Department has overall responsibility for this policy and maintains reporting and monitoring procedures. Any questions or concerns should be referred to the Human Resources Department. ****To learn more about Paycom's affirmative action policy, equal employment opportunity, or to request an accommodation - Click on the link to find more information: paycom.com/careers/eeoc
Apply on company website
Find Connections via Linkedin
