Full Job Description
Join the thousands of innovators, advocates and forces who are making an impact every day at one of the biggest footwear brands in the world. Whether you love to connect with consumers on the retail floor or want to drive our award-winning powerhouse in new directions, the SKECHERS team is the place to be. Learn more about our brand at about.skechers.com
Working as part of the information security office within the IT department at Skechers, the GRC analyst will be responsible for leading the day-to-day IT compliance, data governance, and IT risk management functions. The role will include primary responsibility for defining, creating, and managing IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security practices.
Essential Job Results
Collaborate to define IT security standards and develop supporting organizational policies
Perform security and compliance assessments on new and existing systems, processes, and technology
Support vendor due-diligence process and help to lead and define overall third-party risk management efforts
Work with various business units to ensure controls are adequate, appropriate, and effective
Support internal and external audit process for relevant compliance concerns including PCI-DSS, SOX, GDPR
Participate in disaster recovery and business continuity planning
Perform business impact analysis and assist with development of IT/infosec risk register
Interface with global IT and business partners to provide guidance and support
Perform periodic gap assessments to validate compliance on an ongoing basis
Stay up to date and informed on developing regulatory concerns and changing IT and information security trends
Drive enterprise-wide security awareness efforts by facilitating phishing campaigns, hosting seminars on various security topics, etc.
5+ years of experience with legal and regulatory compliance standards such as PCI-DSS, SOX, GDPR, HIPAA, CaCPA, etc.
Familiarity with ISMS and security frameworks, particularly NIST Cybersecurity Framework
Strong understanding of fundamental information security concepts and technology
Experience with IT GRC/IRM platforms (Oracle, RSA Archer, MetricStream, etc.)
Experience with IT governance, risk, and compliance management in a large global environment
Excellent written and oral communication skills
Strong work ethic with attention to detail
Ability to excel in a fast-paced and rapidly changing environment
Education and Experience
Bachelor’s degree in related field or equivalent work experience
ISACA or (ISC)2 Certification a plus
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The skills, abilities and physical demands described are representative of those duties that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities, who are otherwise qualified for the job position, to perform the essential functions.
While performing the duties of this job, the employee is regularly required to stand; use hands to finger, handle, or feel; and talk or hear. The employee frequently is required to walk, sit, reach with hands and arms, stoop, and kneel. The employee is occasionally required to sit for long periods of time.
All your information will be kept confidential according to EEO guidelines.