Security GRC Analyst I

Summary 

Scout Motors Inc. (Scout) is hiring a Security Governance, Risk, and Compliance Analyst I that will be responsible for assisting in the development and management of various elements of security governance, risk, and compliance, along with customer trust and privacy. This role will require eagerness and enthusiasm to learn, grow, and build GRC functions/programs alongside senior team members to meet the objectives of the Security Organization. Our ideal candidate for this role will be someone who has 1-3 years of experience in the GRC, customer trust, and privacy space and wants to continue to learn and grow across the GRC space while working for a promising and exciting startup. Additionally, this team member needs to be analytical, data driven, and forward thinking to ensure the privacy, trust, or GRC functions are built to scale the business. This role will be an individual contributor (IC) role with potential for advancement and people management.

What you’ll do

Become part of an iconic brand that is set to revolutionize the electric pick-up truck & rugged SUV marketplace by achieving the following:

• Assist in the development, annual review, and off-cycle requests for security policy and standards.
• Assist in the development and operation of cyber risk management programs, driving the documentation and management of risk treatment.
• Assist in the execution of cyber risk assessments for business processes, technology, and products.
• Provide guidance for the risk treatment/management process to risk owners and team members.
• Help to build functions for the engagement of privacy, trust and GRC programs with customers, employees, and stakeholders to enable “Security-as-a-service” principles and goals.
• Assist in the buildout and management of the GRC tooling and associated data.
• Manage external audits by customers and certification bodies through the audit lifecycle.
• Assist with security IT audits to include evidence lifecycle management, control walkthrough scheduling and execution, and the documentation and management of control corrective action plans.
• Assist with and manage the development of security compliance programs for industry security frameworks (SOX ITGCs, AICPA TSC [SOC 2], ISO 27001//27701/21434, TISAX, GDPR, CPRA, NIST CSF, etc.).
• Make recommendations to management regarding programs, processes, etc.
• Provide support and mentor others on the team, sharing insights, knowledge, and experience.
• Engage in team-building events, community engagement, team off-sites, peer-review & management review cycles and activities.

Location & Travel Expectations:

• This role will be based out of the future Scout Motors corporate headquarters, which is anticipated to be identified in 2025. This role may be remote to start but will transition to an in-office setting at the headquarters after the location is determined. This role is not eligible for remote work in New York City.
• The responsibilities of this role require attendance in office with in-person meetings and events regularly. 
• Applicants should expect that the role will require the ability to convene with Scout colleagues in person and travel to participate in events on behalf of the company from time to time.

What you’ll bring 

We expect all Scout employees to have integrity, curiosity, resourcefulness, and strive to exhibit a positive attitude, as well as a growth mindset. You’ll be comfortable with change and flexible in a fast-paced, high-growth environment. You’ll take a collaborative approach to achieve ambitious goals. Here's what else you'll bring: 

• Bachelor’s degree in computer science, Information Systems Management, Cybersecurity, Information Assurance or related field or equivalent relevant experience.
• 1-3 years of technical professional experience in IT audit, IT risk management, or security governance.
• Experience in assessing the effectiveness of information security controls (test of design, test of effectiveness, etc.).
• High-level understanding and experience in security risk management activities (risk analysis, risk assessments, risk reporting, treatment etc.).
• Experience across multiple security domains (access management, change management, security operations, etc.).
• Strong knowledge of at least one industry accepted information security frameworks (e.g. SOX ITGCs, AICPA TSC [SOC 2], TISAX, ISO 27001, GDPR, CCPA, NIST CSF, etc.).
• Experience with public cloud hosting providers (AWS, Azure, and/or GCP).
• Experience supporting GRC functions within third-party tooling platforms (RSA Archer, Standard Fusion, ServiceNow, Hyperproof, etc.).
• Strong working knowledge of Microsoft Office and Google Workspace.
• Desire to obtain one or more industry accepted information security certifications (CISA, CISSP, CRISC, CCSK, CIPPP, etc.).
• Strong communication and critical thinking skills, attention to detail, and experience collaborating cross-functionally with stakeholders

What you'll gain

The benefits of joining Scout include the chance to build products and a company from the ground up.  This is a chance to create something new and lasting – with an iconic brand at its foundation.  In addition, Scout provides competitive compensation and benefits to support your physical, mental, and financial wellbeing. Program specifics are detailed in company policies and employee benefit guides, select highlights:

• Competitive insurance including:
  • Medical, dental, vision and income protection plans
• 401(k) program with:
  • An employer match and immediate vesting
• Generous Paid Time Off including:
  • 20 days planned PTO, as accrued
  • 40 hours of unplanned PTO and 14 company or floating holidays, annually
  • Up to 16 weeks of paid parental leave for biological and adoptive parents of all genders
  • Paid leave for circumstances related to bereavement, jury duty, voting time, or military leave

Pay Transparency

This is a full-time, exempt position eligible to receive a base salary and to participate in an annual performance bonus program. Final salary offered will be determined based on factors including but not limited to the candidate's skills and experience. The annual performance bonus program is preset and not candidate dependent.

Initial base salary range = $90,000.00 - $112,500.00

Internal leveling code: IC10