GRC Analyst

At Podium, our mission is to help local businesses win. Our lead conversion platform, powered by AI and integrations, helps local businesses convert leads faster, communicate easier, and make more sales. Every day, thousands of local businesses utilize our review management, communication, marketing, and payments products.

Our work and focus on helping local businesses thrive has been recognized across the industry, including Forbes’ Next Billion Dollar Startups, Forbes’ Cloud 100, the Inc. 5000, and Fast Company’s World’s Most Innovative Companies.

At Podium, we believe in fostering a culture that thrives on hiring and developing exceptional talent. Our operating principles serve as a compass, guiding daily behavior and decision-making, and ensure we hire people who will thrive at Podium. If you resonate with our operating principles and are energized by our mission, Podium will be a great place for you!

The Role

As a Governance, Risk Management, and Compliance (GRC) security analyst, you will hold a pivotal and respected position within our organization. Your primary responsibility is to support our security initiatives and enhance our overall security stance. You'll play a crucial part in aligning our security strategy with both existing and emerging information systems. This means you'll need to grasp the intricacies of our legacy systems as well as stay abreast of new technologies and requirements.

The ideal candidate for this position is someone with a strong technical background and a minimum of five years of experience in security, compliance, or risk management. You'll be overseeing our compliance with various standards and regulations, including the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX), General Data Protection Regulation (GDPR), Health Information Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS).

Working closely with our security leadership, you'll continuously evaluate and validate the effectiveness of our security program. You'll serve as the main point of contact for both internal and external auditors, ensuring that any outstanding issues related to compliance or security threats are addressed promptly.

What you will be doing:

• Conduct enterprise-wide risk analysis in collaboration with compliance and security teams, identifying strengths and weaknesses in security programs.
• Maintain oversight of GRC-related platform usage and administration, ensuring adherence to privacy, security, and compliance frameworks.
• Monitor third parties, vendors, and business partners to mitigate external risks, escalating issues to security management and business leads.
• Analyze findings and recommend security improvement initiatives that balance risk with operational efficiency and innovation, reporting gaps to security leadership.
• Stay informed about security changes affecting regulatory compliance and industry best practices, applying GRC expertise to key business areas.
• Define and track qualitative and quantitative metrics for assessing security program effectiveness, providing regular reports to security and business leaders.
• Ensure up-to-date configuration documentation and oversight of security systems and processes to minimize enterprise risk, participating in incident response activities as needed.
• Collaborate with security, audit, and risk management leaders to conduct ongoing program assessments and develop strategic technology and budget plans, serving as a liaison with auditors and overseeing disaster recovery and business continuity efforts.

What you should have:

• Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
• At least 5+ years’ experience in cybersecurity as a practitioner and 2 to 3+ years' exposure to various security frameworks.
• Strong business acumen and security technology skills for well-rounded proficiency and proven ability to align with security practices and compliance responsibilities.
• Experience and understanding of various regulatory requirements and laws, including but not limited to PCI, SOX, HIPAA, GDPR, and GLBA. Additional experience in one or more of the following: ISO 27001/2, ITIL, or NIST.
• Exceptional written and verbal communication skills and a proven ability to translate security and risk to all levels of the business.
• The capacity to understand legacy and progressive technology, security controls, and respective risks. Working knowledge of technologies such as cloud computing, DevOps, and application security is required.
• Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management, and hardening guidelines.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Holds, or is working toward, one or more of the following: CISSP, CRISC, CGEIT, or GRCP.

What we hope you have:

• Prior team leadership experience preferred.
  
  
• Preferred experience with cloud environments such as Amazon Web Services (AWS) and Microsoft Azure.
• Prior experience with leading GRC systems from vendors such as Vanta, RSA, MetricStream, and IBM.
• Demonstrated problem-solving capabilities and ability to manage complex local and international security requirements.
• Self-motivated, directed, and well-organized, with the vision to position controls in anticipation of threats.
• Successful track record of managing external entities’ contracts and relationships and mitigating risks to business development opportunities.
• Familiarity with state, federal, and international privacy laws.
• Highly trustworthy; leads by example.

Benefits:

• Open and transparent culture
• Life insurance, long and short-term disability coverage
• Paid maternity and paternity leave
• Fertility Benefits
• Generous vacation time, plus three 4-day summer holiday weekends
• Excellent medical, dental, and vision benefits
• 401k Plan with competitive company matching
• Bi-annual swag drops with cool Podium gear and apparel
• A stellar HQ (Utah) gym with local professional coaches and classes offered
• Onsite HQ (Utah) child care center, subsidized for employees
• Additional benefits for fully remote employees

Podium is an equal opportunity employer. Podium provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, national origin, sexual orientation, gender identity or expression, age, disability, genetic information, marital status or veteran status.