Sr Security Analyst – GRC (SOC 2 Compliance)
Jostens
JOB TITLE: Sr Security Analyst – GRC (SOC 2 Compliance)
LOCATION: Santiago - Remote
GENERAL DESCRIPTION OR PURPOSE OF JOB:
The Senior Security Analyst – GRC (SOC 2 Compliance) will play a critical role in ensuring Jostens' compliance with the AICPA SOC 2 Trust Services Criteria and other frameworks. The ideal candidate is a detail-oriented professional with a strong background in IT compliance, risk management, and internal controls.
This role will collaborate with cross-functional teams to collect and assess evidence that satisfies security requirements. The individual must be a motivated team player with a positive attitude and solid interpersonal skills who can quickly take ownership within their area. The individual must be hands-on, work under minimal supervision, and be able to work in a fast-paced environment.
RESPONSIBILITIES / ESSENTIAL FUNCTIONS:
SOC 2 Compliance:
+ Lead and manage SOC 2 readiness planning, assessments, and audits.
+ Conduct internal assessments to identify and mitigate risks related to SOC 2 compliance.
+ Collaborate with internal teams and external auditors to ensure the timely completion of SOC 2 audits.
+ Monitor and validate the implementation of controls, remediation activities, and compliance with the Trust Services Criteria.
+ Maintain the documentation and evidence required for SOC 2 compliance.
+ Prepare reports and presentations on SOC 2 compliance status.
+ Provide training and awareness programs for internal stakeholders on SOC 2 compliance.
While the primary focus of the role is SOC 2 compliance, the candidate will be asked to cross-train on and back up other GRC activities.
Additional Duties and Responsibilities:
+ Jostens Information Security Program: Assist in the development, maintenance, and communication of policies, standards, and procedures.
+ Risk Assessment: Assess risk; coordinate, document, and validate evidence to meet Jostens' cybersecurity and risk requirements; and ensure appropriate treatment of risk.
+ Audit/Assessments: Facilitate audits and assessments of IT programs and individual components to determine compliance with published standards (e.g., SOX, ISO 27000, PCI, etc.).
+ Vendor Management: Assist in Third-Party Risk Management as needed.
+ Training: Develop, plan, coordinate, deliver, and/or evaluate training courses.
+ Metrics: Regularly report security metrics, proposing improvement as needed.
+ Privacy: Coordinate with legal and IT teams on privacy requests.
+ Incident Response: Ensure proper documentation and post-incident analysis.
Required:
Education:
+ Bachelor’s degree in Business or Accounting, Information Security, Information Management Systems, Cybersecurity or other applicable area, or related work experience.
Experience:
+ Minimum 5 years in IT, Information Security, IT Audit, or a related role.
+ Hands-on experience with SOC 2 and other risk management frameworks.
+ Experience with GRC/third-party risk management tools (e.g., Archer, OneTrust, ZenGRC, etc.).
+ Strong understanding and working knowledge of compliance frameworks, including the SOC 2 Trust Services Criteria.
Professional Skills and Knowledge:
+ Excellent analytical and problem-solving skills.
+ Strong written and verbal communication skills.
+ Ability to work with technical and non-technical teams.
+ Ability to collaborate with cross-functional teams and external partners.
+ Attention to detail with experience prioritizing and managing multiple projects with competing priorities.
Certifications (Preferred but Not Required):
+ A certification applicable to a role in Information Security Governance, Risk, and Compliance (e.g., CISSP, CISA, CISM, CRISC, CRMA).