Purpose
This is an in-office position based in Phoenix, Arizona. You must be able to commute to the office.
As a GRC and InfoSec Analyst, you’ll be the go-to person for keeping company data, systems, and reputation secure. You’ll implement and manage the policies, checks, and safeguards that protect infrastructure and ensure preparedness for audits. On a daily basis, you’ll collaborate with colleagues to trace data flow through systems, identify vulnerabilities, and plan solutions. You’ll work closely with auditors—both internal and external—to gather evidence, resolve findings, and keep leadership informed about the organization’s risk landscape.
Your primary focus will be maintaining full PCI DSS compliance, but you’ll also ensure adherence to privacy regulations such as GDPR, CCPA, DSA, DMA, and Australia’s Privacy Act 1988. By combining technical expertise with a solid understanding of regulations, you’ll help the company stay ahead of threats, reduce risks, and demonstrate to customers and partners that security is a top priority.
Key Responsibilities
- Draft, maintain, and socialize cybersecurity, privacy, and risk policies and procedures.
- Perform regular risk assessments, document findings, and track remediation to closure.
- Monitor compliance with PCI DSS, GDPR, CCPA, DSA, DMA, and other relevant frameworks.
- Coordinate and support internal and external audits, supplying evidence and managing follow-ups.
- Implement and oversee technical and administrative controls that reduce risk and meet regulatory requirements.
- Maintain metrics and dashboards that summarize compliance status and risk posture for leadership.
- Track global regulatory changes and update internal practices accordingly.
- Support data-privacy initiatives across products and services, ensuring lawful processing and secure handling of personal data.
- Collaborate with Legal, Development, Operations, and Product teams to embed security and compliance into projects and daily activities.
- Serve as an internal subject-matter resource on GRC best practices, tools, and emerging threats.
Qualifications
Skills Required
- Working knowledge of PCI DSS, GDPR, CCPA, DSA, DMA, and other global regulations.
- Proficiency with risk-management concepts, control frameworks, and GRC platforms.
- Solid grasp of cybersecurity principles, threat landscapes, and security tooling (SIEM, EDR, firewalls, IDS/IPS, PAM).
- Strong analytical and problem-solving abilities; comfortable interpreting audit evidence and technical data.
- Clear, concise written and verbal communication suited to technical and non-technical audiences.
- Ability to prioritize, manage multiple projects, and meet deadlines in a fast-paced environment.
Education & Certifications
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
- Preferred certifications: CISSP, CISM, CRISC (or comparable security/governance credentials).
Experience
- 1–3 years in a dedicated GRC, security-compliance, or risk role.
- 4+ years overall enterprise IT experience.
- 2+ years hands-on information-security experience within a corporate environment.
Physical Requirements
- Frequent use of the computer, keyboard, and standard office equipment.
- Ability to sit or stand at a workstation for extended periods.
- Occasional movement of documents or equipment up to 15 lbs.
- Regular verbal communication via phone, video, and in-person meetings.
- Periodic travel (up to 10%) for audits, training, or compliance reviews.
...