Sr. Security Analyst – GRC

JOB TITLE:
Sr Security Analyst – GRC (Risk & Reporting)

LOCATION:
Santiago DR

MODALITY
: Remote in DR

SCHEDULE
: Mon - Fri 09:00 AM - 06:00 PM

GENERAL DESCRIPTION OR PURPOSE OF JOB:
The Senior Security Analyst – GRC (Risk & Reporting) is responsible for overseeing risk management processes, tracking issues, and ensuring remediation efforts are effective. This role also involves managing the security metrics and reporting program. The position requires a detail-oriented individual with expertise in IT compliance, risk management, and internal controls.

The analyst will work collaboratively with various teams to gather and evaluate evidence necessary to meet security requirements. A successful candidate will be a proactive team player with strong interpersonal skills, the ability to take ownership of their responsibilities, and the initiative to work independently in a high-paced environment.

RESPONSIBILITIES / ESSENTIAL FUNCTIONS:
Risk Registry and Issues Management:

• Lead the development and maintenance of the Information Security risk registry, ensuring that all identified risks are properly recorded, assessed, and monitored.
• Track issues and action plans related to risk mitigation and compliance findings.
• Follow up with control owners to ensure timely resolution of issues and deficiencies.
• Support the development and maintenance of the organizational risk appetite statement and risk tolerance levels.

Risk Registry and Issues Management:

• Lead the development and maintenance of the Information Security risk registry, ensuring that all identified risks are properly recorded, assessed, and monitored.
• Track issues and action plans related to risk mitigation and compliance findings.
• Follow up with control owners to ensure timely resolution of issues and deficiencies.
• Support the development and maintenance of the organizational risk appetite statement and risk tolerance levels.

While the primary role is Risk and Reporting, the candidate will be asked to back up other GRC activities.
Additional Duties and Responsibilities
:

• Jostens Information Security Program: Assist in the development, maintenance, and communication of policies, standards, and procedures.
• Audit/Assessments: Facilitate audits and assessments of IT programs and individual components to determine compliance with published standards (e.g., SOC2, SOX, ISO27000, PCI, etc.).
• Vendor Management: Assist in Third-Party Risk Management as needed
• Training: Develop, plan, coordinate, deliver, and/or evaluate training courses.
• Privacy: Coordinate with legal and IT teams on privacy requests.
• Incident response: ensure proper documentation and post-incident analysis.

JOB REQUIREMENTS/SPECIFICATIONS:
Note that (i) computer literacy and working-level skill with the basic MS Office suite (Word, Excel, Outlook, Microsoft Edge), (ii) good verbal and written communication skills, (iii) good interpersonal skills, and (iv) the ability to work well both individually and in a team environment are default requirements for all Jostens exempt and salaried nonexempt employees.

Required:

• Bachelor's degree in Business or Accounting, Information Security, Information Management Systems, Cybersecurity, or other applicable area, or related work experience.
• Minimum 5 years in Information Security, IT Compliance, IT Audit, or related role.
• Hands-on experience with risk management.
• Experience with GRC/third-party management tools (e.g., Archer, OneTrust, ZenGRC, Etc.)
• Strong understanding and working knowledge of risk management principles, issue tracking, and risk reporting.
• Understanding of metrics and reporting.
• Excellent analytical and problem-solving skills.
• Strong written and verbal communication skills.
• Ability to work with technical and non-technical teams.
• Ability to collaborate with cross-functional teams and external partners.
• Attention to detail with experience prioritizing and managing multiple projects with competing priorities.

Preferred
:

• Certification applicable to a role in Information Security Governance, Risk and Compliance (e.g., CISSP, CISA, CISM, CRISC, CRMA).

Benefits
:

• Weekly Payment
• Law medical insurance and AFP
• Complementary Medical Insurance
• Life Insurance
• Internal Bank
• Credit in pharmacy and optic center
• Referral Program
• Growth Opportunities
• Remote Role

About Jostens:
Jostens leads the student commemoration market and has been serving local communities for over 125 years. We work with thousands of K-12 schools, colleges and universities each year, and have the honor of partnering with beloved sports teams and esteemed organizations across the country. Our iconic products — like yearbooks, letter jackets, class jewelry and championship rings — keep meaningful traditions alive and inspire millions of people to celebrate their unique stories, milestone moments and biggest accomplishments every year. We have 13 first-class facilities across the globe, from North America to the Caribbean. Watch a short video about us here .

Jostens is an Equal Opportunity Employer and complies with applicable employment laws. EOE/M/F/Vet/Disabled are encouraged to apply. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.