Governance, Risk, & Compliance (GRC) Analyst

  • 225 S Sepulveda Blvd, Manhattan Beach, CA 90266, USA
  • Full-time

Company Description

Join the thousands of innovators, advocates and forces who are making an impact every day at one of the biggest footwear brands in the world. Whether you love to connect with consumers on the retail floor or want to drive our award-winning powerhouse in new directions, the SKECHERS team is the place to be. Learn more about our brand at skx.com. 

Job Description

Working as part of the information security office within the IT department at Skechers, the GRC analyst will be responsible for leading the day to day IT compliance, data governance, and IT risk management functions. The role will include primary responsibility for defining, creating, and managing IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security practices.


ESSENTIAL JOB RESULTS

  • Collaborate to define IT security standards and develop supporting organizational policies.
  • Perform security and compliance assessments on new and existing systems, processes, technology.
  • Support vendor due-diligence process and help to lead and define overall third party risk management efforts.
  • Work with various business units to ensure controls are adequate, appropriate, and effective.
  • Support internal and external audit process for relevant compliance concerns including PCI-DSS, SOX, GDPR.
  • Participate in disaster recovery and business continuity planning.
  • Perform business impact analysis and assist with development of IT/InfoSec risk register.
  • Interface with global IT and business partners to provide guidance and support.
  • Perform periodic gap assessments to validate compliance on an ongoing basis.
  • Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.


ADDITIONAL RESPONSIBILITIES

  • Other duties as assigned.


SUPERVISORY RESPONSIBILITIES

  • No.  


JOB REQUIREMENTS

  • Significant experience with legal and regulatory compliance standards such as PCI-DSS, SOX, GDPR, HIPAA, CaCPA, etc.
  • Familiarity with ISMS and security frameworks, particularly NIST Cybersecurity Framework.
  • Strong understanding of fundamental information security concepts and technology.
  • Experience with IT GRC/IRM platforms (Oracle, RSA Archer, MetricStream, etc.).
  • Experience with IT governance, risk, and compliance management in a large global environment.
  • Excellent written and oral communication skills.
  • Strong work ethic with attention to detail.
  • Ability to excel in a fast paced and rapidly changing environment.

 

EDUCATION AND EXPERIENCE

  • Bachelor’s degree in related field or equivalent work experience.
  • ISACA or (ISC)2 Certification a plus.

Qualifications

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The skills, abilities and physical demands described are representative of those duties that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities, who are otherwise qualified for the job position, to perform the essential functions.

Additional Information

PHYSICAL DEMANDS

While performing the duties of this job, the employee is regularly required to stand; use hands to finger, handle, or feel, and talk or hear.  The employee frequently is required to walk, sit, reach with hands and arms, stoop, and kneel. The employee is occasionally required to sit for long period of times.  

All your information will be kept confidential according to EEO guidelines.

 

Privacy Policy