Sr. Security Analyst – GRC (Risk & Reporting)
Jostens
JOB TITLE: Sr Security Analyst – GRC (Risk & Reporting)
LOCATION: Santiago - Remote
GENERAL DESCRIPTION OR PURPOSE OF JOB:
The Senior Security Analyst – GRC (Risk & Reporting) will lead risk management, issues tracking and remediation, and maintain the security metrics and reporting program. The ideal candidate is a detail-oriented professional with a strong background in IT compliance, risk management, and internal controls.
This role will collaborate with cross-functional teams to collect and assess evidence to satisfy security requirements. The individual must be a motivated team player with a positive attitude and solid interpersonal skills who can quickly take ownership within their area. The individual must be hands-on, able to work under minimal supervision, and able to work in a fast-paced environment.
RESPONSIBILITIES / ESSENTIAL FUNCTIONS:
Risk Registry and Issues Management:
+ Lead the development and maintenance of the Information Security risk registry, ensuring that all identified risks are properly recorded, assessed, and monitored.
+ Track issues and action plans related to risk mitigation and compliance findings.
+ Follow up with control owners to ensure timely resolution of issues and deficiencies.
+ Support the development and maintenance of the organizational risk appetite statement and risk tolerance levels.
Metrics and Risk Reporting:
+ Regularly collect and report security metrics
+ Analyze data to identify trends, potential areas of concern, and opportunities for continuous improvement within the Information Security program.
+ Develop, track, and report on related to governance, compliance, risk, and privacy program effectiveness.
+ Work with Information Security Subject Matter Experts (SMEs) on more effective reporting on the Information Security posture across the enterprise.
+ Ensure data integrity and accuracy in all Information Security reporting.
+ Create dashboards and presentations to communicate Information Security performance, risk posture, and compliance status to various stakeholders, including senior leadership.
While the primary role is Risk and Reporting, the candidate will be asked to back up other GRC activities.
Additional Duties and Responsibilities:
+ Jostens Information Security Program: Assist in the development, maintenance, and communication of policies, standards, and procedures.
+ Audit/Assessments: Facilitate audits and assessments of IT programs and individual components to determine compliance with published standards (e.g., SOC2, SOX, ISO27000, PCI, etc.).
+ Vendor Management: Assist in Third-Party Risk Management as needed
+ Training: Develop, plan, coordinate, deliver, and/or evaluate training courses.
+ Privacy: Coordinate with legal and IT teams on privacy requests.
+ Incident Response: Ensure proper documentation and post-incident analysis.
Required:
Education:
+ Bachelor’s degree in Business or Accounting, Information Security, Information Management Systems, Cybersecurity or other applicable area, or related work experience.
Experience:
+ Minimum 5 years in Information Security, IT Compliance, IT Audit, or related role
+ Hands-on experience with risk management
+ Experience with GRC/third-party management tools (e.g., Archer, OneTrust, ZenGRC, etc.)
+ Strong understanding and working knowledge of risk management principles, issue tracking and risk reporting
+ Understanding of metrics and reporting
Professional Skills and Knowledge:
+ Excellent analytical and problem-solving skills
+ Strong written and verbal communication skills
+ Ability to work with technical and non-technical teams.
+ Ability to collaborate with cross-functional teams and external partners.
+ Attention to detail with experience prioritizing and managing multiple projects with competing priorities.
Certifications (Preferred but Not Required)
+ Certification applicable to a role in Information Security Governance, Risk and Compliance (e.g., CISSP, CISA, CISM, CRISC, CRMA) is preferred.