Our GRC team is seeking creative, diligent, technical, and talented IT compliance and security risk professionals with a background in SOX IT controls implementation, regulatory controls requirements, process improvement, and security risk analysis.
* Evaluate and maintain ITGC policies, procedures, and controls for Squarespace systems (internally developed and third-party).
* Actively work with stakeholders across the business (Finance, Accounting, Internal Controls, Engineering, etc.) to track remediation of ITGC and security control gaps.
* Conduct self-assessments/audits to confirm Squarespace's adherence to internal policies, compliance objectives, and industry best practices.
* Help support external audits of our SOX and PCI control environments.
* Perform detailed ITGC testing for in-scope SOX systems. Clearly document and communicate findings to the GRC team and, where necessary, process owners.
* Assist with security and enterprise risk assessments across the organization.
* Partner with Security Engineering to formally document security policies (outside the scope of ITGC policies) and procedures.
* Conduct vendor security risk assessments for any third-party SaaS software solutions being considered for use by the company. Provide feedback to the key stakeholders based on the assessment and a recommendation to move forward or disengage.
* Grow and establish the GRC function at Squarespace through strong collaboration with Engineering teams and cross-functional partnerships with Finance, Accounting, Legal, CustOps, Product, and Strategy.
* Actively track project status and proactively communicate roadblocks with proposed solutions.
* 2+ years relevant experience in an IT audit/compliance/risk management role
* Experience with IT controls implementation in the context of SOX and SOC 2/3
* Experience working in a full Linux environment, Git, and CI/CD
* Self-motivated and eager to learn from more seasoned GRC and Security Engineering professionals
* PCI controls implementation & SAQ experience is a plus
* Experience identifying, tracking, reporting, and remediating IT procedural and technical risk
* Working knowledge of web-based technologies and cloud environments is a plus
* Big-4 experience is preferred
* CISA certification (or at a minimum, successful completion of the CISA examination) is strongly preferred
Squarespace is a SaaS-based Content Management System offering a website builder, blogging platform and hosting service.