Equal Opportunity Employer
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status. EEO/AA/M/F/Disabled/Vets
Job Description :
Senior Governance, Risk and Compliance (GRC) Analyst
Hybrid Role 3 days in office 2 remote.
Location 1211 6th Ave.
The Governance, Risk and Compliance (GRC) Analyst will have a strong understanding of cyber security control principles, privacy principles and a sound understanding of global regulatory and compliance requirements.
Support the maintenance of the News Corp Global Cyber GRC Program, including the management, monitoring and reporting of cyber risks and issues, cyber security policy exceptions, performing cyber due diligence against News Corp's 3rd party supply chain, support the review and implementation of standards, guidelines, and processes to ensure compliance is maintained and the organization’s cyber risk is managed appropriately.
What’s The Role
- Support the assessment of defined cyber security controls to identify compliance with cyber security policy requirements across the business.
- Support the implementation and review of cyber risk assessments and cyber control assurance by collaborating with both local and global team members.
- Support with the annual review and update of global policies and procedures related to GRC to ensure they remain current and effective.
- Support the management and monitoring of 3rd party vendors through vendor risk assessments. Review vendor findings and work transparently with key stakeholders on remediating, mitigating or accepting the cyber risks and issues identified.
- Support internal and external stakeholders for Cyber Security compliance requirements for PCI DSS, SOX, HIPAA and Privacy compliance.
- Support the Cyber Security Awareness Manager during awareness campaigns, including the reporting of findings, points of interest and lessons learnt analysis.
- Contribute to the regular reporting of cyber security metrics to measure and track cyber risk and the effectiveness of the Cyber risk and issue management function.
- Work independently with cross-functional teams to identify and mitigate risks. Foster a culture of compliance and risk awareness throughout the organization.
- Stay up-to-date with industry trends, regulatory changes, and emerging risks. Recommend improvements to GRC processes and tools to enhance efficiency and effectiveness.
Who are you?`
- 6+ years’ experience within Cyber Security or Technology Risk related fields
- Demonstrated experience in cyber governance, cyber risk and compliance in a dynamic and complex business environment.
- Knowledge and (preferably) experience with industry frameworks and standards such as NIST CSF, PCI-DSS, SOX IT General Controls and ISO 27001/2.
- Strong communication skills and the ability to work autonomously while managing multiple projects
- Qualification in information security or risk management is highly regarded.
- Preferred experience with GRC tools such as ProcessUnity, RSA Archer, or similar platforms.
- Excellent analytical, problem-solving, and critical-thinking skills, with the ability to interpret complex regulations and translate them into actionable policies.
What’s in it for you?
- Collaborative environment.
- Opportunity to innovate, challenge the norm and pioneer the way forward.
- Variety of work where no two days are the same.
- Exposure to global operations, teams and networks.
Preferred Certifications (not Required)
- CRISC (Certified in RIsk and Information Security)
- CISSP (Certified Informations Systems Security Professional)
- Any other relevant certifications in the space of cyber security
Job Category:
Pay Range: 90,000 - 120,000
We recognize that attracting the best talent is key to our strategy and success as a company. As a result, we aim for flexibility in structuring competitive compensation offers to ensure we are able to attract the best candidates. The quoted salary range represents our good faith estimate as to what our ideal candidates are likely to expect, and we tailor our offers within the range based on the selected candidate's experience, industry knowledge, location, technical and communication skills, and other factors that may prove relevant during the interview process.
Pay-for-performance is a key element in our strategy to attract, engage, and motivate talented people to do their best work. Similarly to salary, for bonus eligible roles, targets are set based on a variety of factors including competitive market practice.
For benefits eligible roles, in addition to cash compensation, the company provides a comprehensive and highly competitive benefits package, with a variety of physical health, retirement and savings, caregiving, emotional wellbeing, transportation, and other benefits, including "elective" benefits employees may select to best fit the needs and personal situations of our diverse workforce.