Role Title: Security GRC Senior Analyst

Pinterest's Security team is seeking an experienced Security Governance, Risk, and Compliance Senior Analyst to further build and maintain Pinterests's Security GRC Program. This is a contractor role to cover temporary leave of the Security GRC manager. The ideal candidate will partner with Pinterest's Security colleagues to create culture change and ensure security best practices company wide are reflected in Pinterest US and International activities. The Security GRC Senior Analyst will have responsibility for the composition of Pinfosec policies and the administration of the Pinfosec GRC tool (Onspring) and will be an overall advocate for Security Governance, Risk & Compliance across Pinterest.

What you'll do

• Develop and maintain key Information Security Policies and standards in conjunction with Policy SMEs
• Define and operationalize routine program metrics to understand program health and increase program adoption and report out on those metrics to key stakeholders
• Ability to provide guidance and support on the use of the GRC platform (Onspring)
• Administer the GRC platform and hold monthly meetings with Security team members to keep security risk register up to date
• Prepare monthly reports on enterprise security risks for Chief Security Officer utilizing Onspring

Skills

• Excellent conceptual, organizational, analytical, and problem-solving skills with the ability to influence the behavior of peers and build relationships with other teams.
• Experience collaborating and influencing with stakeholder and partner organizational leadership and management, including vendors and third parties.
• Bachelor's degree in Information Security, Computer Science, or related field, or equivalent experience or expertise required.
• Minimum 4 years of cybersecurity experience or related experience in IT, or IT Audit.
• One of the following certifications, or equivalent certifications preferred: CISSP, CISM, GIAC, CISA, CRISC.
• Experience reviewing and interpreting information security data and processes for potential control or framework compliance issues (PCI, NIST, CIS V.8).
• Working knowledge of Governance Risk and Compliance (GRC) tools (ideally Onspring) and automation of risk evaluation, integration with enterprise risk functions, and reporting.
• Experience populating and maintaining a risk register
• Experience and working knowledge of security risk assessment and control frameworks, good understanding of the role and function of regulations, data management practices, and cybersecurity tooling.
• Experience writing Security Policies
• Working knowledge of the role of firewalls, vulnerability management, penetration testing, server and desktop configuration and controls, and encryption, and broad understanding of various security domains.
• Strong sense of ownership and comfortable with autonomy and ambiguity
• Outstanding communication and writing skills that enable you to proactively build relationships, inform others, and clearly explain security requirements to people

Education:

• Bachelor's degree in Information Security, Computer Science, or related field, or equivalent experience or expertise required.
• Minimum 4 years of cybersecurity experience or related experience in IT, or IT Audit.
• One of the following certifications, or equivalent certifications preferred: CISSP, CISM, GIAC, CISA, CRISC.

Skills

Required

• DATA GOVERNANCE
• RISK ASSESSMENT
• SECURITY POLICIES
• CISSP
• COMPLIANCE MONITORING

Additional