GRC Risk & Security Analyst

Analyze access privileges, segregation of duties, and other control mechanisms to identify potential risks

Conduct regular risk assessments to identify and evaluate potential threats and vulnerabilities

Analyze security controls, policies, and procedures to identify gaps and weaknesses

Develop risk matrices and prioritize risks based on likelihood and impact

Perform third-party vendor risk assessments to evaluate the security posture of new and existing vendors, ensuring they meet DailyPay's security and compliance standards

Lead and support DailyPay's third-party risk assessment program, including initial onboarding assessments, periodic reviews, and offboarding of vendors

Evaluate vendor security questionnaires, SOC 2 reports, penetration test results, and other security documentation to assess risk exposure

Maintain the vendor risk register and track remediation of identified gaps or deficiencies

Serve as a point of contact for customers and partners conducting security assessments of DailyPay, responding to security questionnaires, RFPs, and due diligence requests in a timely and accurate manner

Collaborate cross-functionally with Legal, Procurement, and Engineering to ensure third-party contracts include appropriate security requirements and data protection clauses

Ensure compliance with relevant regulatory and industry frameworks (e.g. SOC2, ISO 27001, PCI DSS, SOX 404, GDPR, CCPA)

Develop and maintain compliance documentation and evidence

Assist in the development, implementation, and maintenance of information security policies including building relevant procedures to meet policy objectives

Ensure adherence to established policies and procedures by conducting regular audits and reviews

Identify and address non-compliance issues

Oversee periodic access reviews to ensure that individuals have appropriate access privileges based on their roles and responsibilities

Certify access reviews and recommend changes as needed

Assist in the development, implementation, and maintenance of security controls

Review and evaluate the effectiveness of existing controls

Identify and address control deficiencies

Collaborate with the IAM team to ensure effective management of user identities and access privileges

Assist in the implementation and maintenance of IAM systems and processes

Contribute to incident response plans and procedures related to information security incidents

Assist in the investigation and remediation of security incidents

3+ years of experience in a GRC or information security role

Experience with GRC and Third Party Risk Management tools

Experience in a regulated public company is preferred

Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience)

Certification in CISA or CISSP

Strong understanding of access governance principles, frameworks, and best practices

Knowledge of risk management frameworks (e.g., NIST RMF, FAIR)

Strong interpersonal and communication skills, with the ability to collaborate effectively across internal teams, engage with external vendors during risk assessments, and professionally represent DailyPay when responding to customer security inquiries and due diligence requests