Sirius XM Radio Inc
Lead Analyst, Governance, Risk, and Compliance
Sirius XM Radio Inc, Nashville, Tennessee, United States, 37247
Who We Are:SiriusXM and its brands (Pandora, SiriusXM Media, AdsWizz, Simplecast, and SiriusXM Connect) are leading a new era of audio entertainment and services by delivering the most compelling subscription and ad-supported audio entertainment experience for listeners -- in the car, at home, and anywhere on the go with connected devices. Our vision is to shape the future of audio, where everyone can be effortlessly connected to the voices, stories and music they love wherever they are.This is the place where a diverse group of emerging talent and legends alike come to share authentic and purposeful songs, stories, sounds and insights through some of the best programming and technology in the world. Our critically-acclaimed, industry-leading audio entertainment encompasses music, sports, comedy, news, talk, live events, and podcasting. No matter their individual role, each of our employees plays a vital part in bringing SiriusXM's vision to life every day.SiriusXM
is the leading audio entertainment company in North America, and the premier programmer and platform for subscription and digital advertising-supported audio products. SiriusXM's platforms collectively reach approximately 150 million listeners, the largest digital audio audience across paid and free tiers in North America, and deliver music, sports, talk, news, comedy, entertainment and podcasts. Pandora, a subsidiary of SiriusXM, is the largest ad-supported audio entertainment streaming service in the U.S. SiriusXM's subsidiaries Simplecast and AdsWizz make it a leader in podcast hosting, production, distribution, analytics and monetization. The Company's advertising sales organization, which operates as SiriusXM Media, leverages its scale, cross-platform sales organization and ad tech capabilities to deliver results for audio creators and advertisers. SiriusXM, through SiriusXM Canada Holdings, Inc., also offers satellite radio and audio entertainment in Canada. In addition to its audio entertainment businesses, SiriusXM offers connected vehicle services to automakers.How you'll make an impact:The Lead Governance, Risk, and Compliance Analyst is a key member within SiriusXM's Governance, Risk, and Compliance team. This individual contributor will be responsible for managing the day-to-day execution of compliance assessment workstreams (PCI-DSS, SOC 2, ISO27001) as well as assisting in maturing and maintaining SiriusXM's Risk Management program. Responsibilities will include partnering with external assessment firms as well as corresponding stakeholder teams on areas such as assessment scoping, evidence collection, and findings remediation, as well as status reporting to Information Security Leadership. This role will also be responsible for partnering with stakeholders across the organization and Information Security Leadership to perform risk input and tracking, and reporting.What you'll do:You will be the Lead GRC contact on assigned compliance assessment workstreams responsible for working directly with external assessors to assist in providing needed evidence, as well as tracking and reporting project progress against timeline to GRC Director.
Partner with internal stakeholders to help interpret audit requirements into practical terms to help best identify the corresponding processes and evidence that satisfy these requirements.
Work with internal stakeholders and external assessors on control findings, including control remediation and identification of compensating controls.
Help maintain and mature the organization's risk management program, which will entail working with stakeholders to identify, document, and track risk in accordance with the organization's risk management strategy.
Assist in the completion of security questionnaires from prospective and current customers.
What you'll need:5+ years' experience in the GRC, audit, or risk management space.
The ideal candidate will have experience managing security assessments (SOC1/SOC2, ISO27001, PCI-DSS), either as an external assessor or in an internal capacity.
Solid grasp on information security control design and execution, as well as familiarity with compensating controls/ control remediation.
Experience with documenting and tracking security risks
Familiarity completing vendor questionnaires is a plus.
Must have strong communication skills, especially the ability to take ambiguous audit requirements and put them into actionable steps for non-technical control owners.
Problem solving mindset - Able to assess a situation, identify potential resolutions, and propose them to management.
Experience completing vendor questionnaires is a plus.
Must have legal right to work in the U.S.
At SiriusXM, we carefully consider a wide range of factors when determining compensation, including your background and experience. These considerations can cause your compensation to vary. We expect the base salary for this position to be in the range of $102,000 to $160,000 and will depend on your skills, qualifications, and experience. Additionally, this role might be eligible for discretionary short-term and long-term incentives. We encourage all interested candidates to apply.Our goal at SiriusXM is to provide and maintain a work environment that fosters mutual respect, professionalism and cooperation. SiriusXM is an equal opportunity employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, national origin, ancestry, alienage or citizenship status, age, disability or handicap, sex, gender identity, marital status, familial status, veteran status, sexual orientation or any other characteristic protected by applicable federal, state or local laws.The requirements and duties described above may be modified or waived by the Company in its sole discretion without notice.R-2024-10-67
is the leading audio entertainment company in North America, and the premier programmer and platform for subscription and digital advertising-supported audio products. SiriusXM's platforms collectively reach approximately 150 million listeners, the largest digital audio audience across paid and free tiers in North America, and deliver music, sports, talk, news, comedy, entertainment and podcasts. Pandora, a subsidiary of SiriusXM, is the largest ad-supported audio entertainment streaming service in the U.S. SiriusXM's subsidiaries Simplecast and AdsWizz make it a leader in podcast hosting, production, distribution, analytics and monetization. The Company's advertising sales organization, which operates as SiriusXM Media, leverages its scale, cross-platform sales organization and ad tech capabilities to deliver results for audio creators and advertisers. SiriusXM, through SiriusXM Canada Holdings, Inc., also offers satellite radio and audio entertainment in Canada. In addition to its audio entertainment businesses, SiriusXM offers connected vehicle services to automakers.How you'll make an impact:The Lead Governance, Risk, and Compliance Analyst is a key member within SiriusXM's Governance, Risk, and Compliance team. This individual contributor will be responsible for managing the day-to-day execution of compliance assessment workstreams (PCI-DSS, SOC 2, ISO27001) as well as assisting in maturing and maintaining SiriusXM's Risk Management program. Responsibilities will include partnering with external assessment firms as well as corresponding stakeholder teams on areas such as assessment scoping, evidence collection, and findings remediation, as well as status reporting to Information Security Leadership. This role will also be responsible for partnering with stakeholders across the organization and Information Security Leadership to perform risk input and tracking, and reporting.What you'll do:You will be the Lead GRC contact on assigned compliance assessment workstreams responsible for working directly with external assessors to assist in providing needed evidence, as well as tracking and reporting project progress against timeline to GRC Director.
Partner with internal stakeholders to help interpret audit requirements into practical terms to help best identify the corresponding processes and evidence that satisfy these requirements.
Work with internal stakeholders and external assessors on control findings, including control remediation and identification of compensating controls.
Help maintain and mature the organization's risk management program, which will entail working with stakeholders to identify, document, and track risk in accordance with the organization's risk management strategy.
Assist in the completion of security questionnaires from prospective and current customers.
What you'll need:5+ years' experience in the GRC, audit, or risk management space.
The ideal candidate will have experience managing security assessments (SOC1/SOC2, ISO27001, PCI-DSS), either as an external assessor or in an internal capacity.
Solid grasp on information security control design and execution, as well as familiarity with compensating controls/ control remediation.
Experience with documenting and tracking security risks
Familiarity completing vendor questionnaires is a plus.
Must have strong communication skills, especially the ability to take ambiguous audit requirements and put them into actionable steps for non-technical control owners.
Problem solving mindset - Able to assess a situation, identify potential resolutions, and propose them to management.
Experience completing vendor questionnaires is a plus.
Must have legal right to work in the U.S.
At SiriusXM, we carefully consider a wide range of factors when determining compensation, including your background and experience. These considerations can cause your compensation to vary. We expect the base salary for this position to be in the range of $102,000 to $160,000 and will depend on your skills, qualifications, and experience. Additionally, this role might be eligible for discretionary short-term and long-term incentives. We encourage all interested candidates to apply.Our goal at SiriusXM is to provide and maintain a work environment that fosters mutual respect, professionalism and cooperation. SiriusXM is an equal opportunity employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, national origin, ancestry, alienage or citizenship status, age, disability or handicap, sex, gender identity, marital status, familial status, veteran status, sexual orientation or any other characteristic protected by applicable federal, state or local laws.The requirements and duties described above may be modified or waived by the Company in its sole discretion without notice.R-2024-10-67