Security Analyst II, GRC at DAT (Greater Denver Area, CO)
DAT is an award-winning employer of choice and a next-generation SaaS technology company that has been at the leading edge of innovation in transportation supply chain logistics for 44 years. We continue to transform the industry year over year, by deploying a suite of software solutions to millions of customers every day - customers who depend on DAT for the most relevant data and most accurate insights to help them make smarter business decisions and run their companies more profitably. We operate the largest marketplace of its kind in North America, with 227 million freight posts in 2021, and a database of $126 billion of annual global shipment market transaction data. We have co-headquarters in Portland, OR and Denver, CO, and additional offices in MO, TX, and Bangalore, India. For additional information, see www.DAT.com/company.
DAT is looking for a Governance, Risk, and Compliance (GRC) Analyst II to join our Security team in Denver, CO or Beaverton, OR.
The GRC analyst plays an important part in the development, implementation, and compliance of information risk management across DAT. The analyst role is responsible for identifying, tracking and reporting risks related to Information Security and Regulatory Compliance.
What You’ll Do
- Contribute to the ongoing development of DAT’s Information Security GRC activities, strategy, and roadmap.
- Perform project management activities to improve or optimize GRC activities.
- Perform IT Risk Assessments and Vendor Risk Assessments.
- Support internal and external audits (e.g. PCI and SOX).
- Collect and maintain evidence of compliance with information security policies and regulatory requirements.
- Coordinate written responses from customers and sales prospects on Information Security controls and regulatory compliance.
- Perform annual review of DAT’s information security policies, procedures, standards, and other InfoSec documentation. Provide recommendations for new policies and changes as needed.
- Monitor the status of policies and move them through the various phases of review and approval.
- Coordinate approved policy communications with stakeholders.
- Regularly review and manage the status of the DAT Risk Register, including sending reminders to task and risk owners and providing reports to senior leadership.
- Assist in maintaining DAT’s Information Security documentation repository.
- Provide input to DAT’s Security Awareness and Training program plan.
- Review third-party vendor agreements to ensure compliance with policy.
The Skills and Experience You’ll Bring
- 1-3 years of full-time work experience in IT, IT audit or IT risk management.
- Bachelor’s degree in a quantitative field (Economics, Engineering, Mathematics, Computer Science, or similar) or equivalent experience.
- Experience in leading security assessments and/or IT vendor risk assessments.
- Strong understanding of technical aspects of Information Security and Risk Management.
- Working knowledge of project management concepts and processes.
- Working knowledge of common IT technologies and processes.
- Working knowledge of common Information Security and Information Technology frameworks and standards, such as ITIL, COBIT, NIST, and the ISO 27000 series.
- Working knowledge of PCI and SOX regulatory frameworks.
- Strong understanding of risk management principles and methodologies.
- Good communication skills, including the ability to present technical subjects to non-technical audiences.
- Strong work ethic, attention to detail, and organizational skills.
- Ability to multi-task and manage priorities in a fast-paced environment.
- Ability to work proactively and collaboratively in a team setting.
- Strong problem solving and analytical skills.
- Strong understanding of the “voice of the customer” and the impact of controls on business operations.
- CISA or a similar risk management, audit, or security certification.
- Experience working with GRC tools.
- Experience working in, or having knowledge of, the freight analytics industry is a plus.
DAT embraces the value of a diverse workforce, and believes it is a core strength of our company that we encourage those values in every DAT employee, at every level of our organization, regardless of tenure or rank. We provide equal employment opportunities (EEO) to all employees and applicants without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state, and local laws.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)