GRC Analyst II

Ready to safeguard our digital future? Join us as a Governance Risk Compliance Analyst II (GRC)! Dive into the heart of our GRC program, where you'll champion PCI Compliance, fortify our compliance controls, and lead audits with finesse.

Your mission? Drive continuous improvement, embrace cutting-edge tech, and keep our defenses impenetrable against emerging threats.

If you thrive on staying ahead in the dynamic world of information security, this role is your gateway to impact and innovation.

Let's secure tomorrow, today. Apply now!

Technical skills necessary to be successful :

• Bachelor’s degree in information technology, Computer Science, Engineering, Math or Science, or combination of education / training with relevant experience
• Strong understanding of PCI DSS required.
• Advanced technical reading comprehension skills required.
• Experience working on a PCI Validation Assessment required.
• 2 + years prior work experience in Information Technology or Cybersecurity required.
• Knowledgeable in NIST, ISO, HIPPA, and other compliance frameworks.
• Experience performing audits, leading control walkthroughs, and identifying relevant information for documentation required.
• Excellent communication skills, with the ability to work effectively as a team member and cross-functionally with internal and external stakeholders.
• Proven ability to manage multiple priorities and workloads effectively, even when faced with conflicting demands.

Here's some of what you'll be responsible for :

• Establish a comprehensive understanding of the organization’s audit and compliance programs (i.e., PCI, CCPA / CPRA, etc.).
• Serve as the primary subject matter expert leading the PCI program.
• Collaborate with cross functional teams to monitor and maintain relevant security controls, understand their operations, and ensure compliance with security standards and organizational standards.
• Develop remediation plans in coordination with remediation owners. Track remediation plans to closure.
• Lead scoping activities, coordinate and fulfill documentation requests, lead walkthroughs, and perform other audit tasks as appropriate.
• Work with control owners to develop and continuously improve controls for in-scope systems.
• Effectively communicate compliance status, timelines, risk, and remediation efforts to key stakeholders.
• Conduct research and analysis to keep current with GRC knowledge, Information Security, emerging technology, and the PCI DSS.
• Function as a compliance liaison between business, technology, and legal.
• Participate in third-party risk management.
• Perform targeted risk assessment.
• Assist with designing and training initiatives in compliance areas throughout the ministry.
• Coordinate new solution design between different technology departments to meet both business and compliance requirements.
• Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks;

benchmarking state-of-the-art practices; participating in professional societies.

• Lead GRC projects, provide direction to others, and mentor junior Team Members.
• Ensure management of vulnerabilities and risk mitigation.
• Facilitate and run meetings.
• Identify gaps and research third party tools for continuous improvement.
• Review and improve policies, procedures, and standards.
• Act as the Software Administrator for compliance platform.
• Perform other assigned duties as required.

What can we offer you :

• We provide a competitive salary range and that’s not all!
• Industry-leading Medical, Dental and Vision coverage
• Short / long term disability and life insurance
• Robust 401K with company match
• Parental leave with Baby Bonding pay
• Generous PTO, holiday, and sick pay
• Unique company culture that includes exclusive access to concerts, movie premieres, media industry events, and more
• Leadership and Career Development Programs including free access to LinkedIn Learning platform

Why work for Educational Media Foundation, K-LOVE / Air1?

Educational Media Foundation (EMF) is a nonprofit, multi-platform media company on a mission to draw people closer to Christ.

Founded in 1982 in Santa Rosa, CA, with a singular radio station, EMF today owns and operates the nation's two largest Christian music radio networks (K-LOVE and Air1) with over 1,000 broadcast signals across all 50 states, streaming audio reaching around the world, and a growing family of media ministries including podcasts, books, films, concerts, and events.

EMF employs nearly 500 team members between its offices in Nashville, TN, Rocklin, CA, and field locations around the country.

You can view our mission and values here Mission, Beliefs & Values.

As an Equal Opportunity Employer, EMF makes employment decisions based on merit and other legitimate reasons. The Company is committed to a diverse and inclusive work environment and the promotion of equal employment opportunities regardless of protected class, characteristic or status.

However, EMF is also a religious non-profit organization where all team members contribute to the Company’s mission of encouraging our audiences to have a meaningful relationship with Christ.

Therefore, p ursuant to the Civil Rights Act of 1964, Section 702 (42 U.S.C. 2000e I(a)), EMF has the right to hire only candidates who agree with the Company’s Statement of Faith.

Also, as a religious non-profit organization, the Company is not governed by the CA Fair Employment and Housing Act.