PulteGroup
Governance Risk & Compliance Analyst II
PulteGroup, Atlanta, Georgia, United States, 30383
Job Summary:
Maintains and contributes to the design of the Company’s cybersecurity Governance, Risk, and Compliance program (GRC). The GRC Analyst II plays a key role in assessing technology-related risks and ensuring compliance with relevant regulations, policies, standards, and controls designed to protect the organization’s information assets.
Learned professional who works independently with limited guidance except when dealing with unusual or complex scenarios. Provides guidance to less experienced GRC Analysts and leads process improvement efforts within the Information Security team.
Primary Job Responsibilities
Policies/Standards/Controls:
Develops and maintains cybersecurity policies, standards, and guidelines.
Implements and monitors compliance with cybersecurity control framework.
Ensures policies are up-to-date and align with industry best practices, regulatory requirements, and cyber frameworks.
Communicates policies to relevant stakeholders.
Security Awareness:
Independently develops security awareness training programs and materials.
Plans and executes cybersecurity awareness events and communication campaigns.
Develops, organizes, and delivers training sessions to employees on security policies and best practices.
Monitors and reports on the effectiveness of security awareness initiatives.
Cyber Risk Management:
Collects, analyzes, and presents cybersecurity program performance metrics and key risk indicators (KRIs).
Independently conducts regular assessments of cyber risks within applications, platforms, and processes.
Identifies risks and develops mitigation strategies and risk management plans
Manages third-party risk by assessing the security posture of external vendors and partners, implementing risk mitigation measures, and fostering secure third-party relationships.
PCI, SOX, and Privacy Compliance:
Ensures appropriate design and operating effectiveness of regulatory and PCI-DSS controls.
Manages privacy-related data subject access requests.
Monitors compliance and reports effectiveness.
Independently performs periodic gap assessments to validate compliance.
Monitors regulatory environment and performs impact assessments.
Partners with auditors and manages action plans in response to audit discoveries.
Management Responsibilities
Not applicable
Scope
Decision Impact: Individual
Department Responsibility: Single
Budgetary Responsibility: No
Direct Reports: No
Indirect Reports: No
Physical Requirements: Not applicable
Required Education/Experience
Minimum Bachelor's Degree in Cybersecurity or related field or a combination of related education and work experience in an Information Security role to equal 4 years.
Related Functional Experience: Minimum of 5 years of experience in cybersecurity or technical risk analysis.
Minimum of 3 years of experience in a GRC role.
Required Skills/Knowledge
Depth of knowledge with cybersecurity control frameworks (NIST CSF preferred)
Working knowledge of cybersecurity policy lifecycle, standards, and guidelines.
Experience with PCI-DSS and SOX
Working knowledge of data governance and privacy regulations
Experience with security awareness techniques and processes in an enterprise environment.
Exceptional written and verbal communication skills that can be adjusted to relevant audiences.
Analytic and problem-solving skills.
PulteGroup, Inc. and its affiliates do not accept unsolicited resumes from individual recruiters or third party recruiting agencies (collectively, “Recruiters”) in response to job postings. If Recruiters nevertheless submit one or more unsolicited resumes to any employee at PulteGroup, Inc. or its affiliates without a valid written agreement in place for this position, it will be deemed the sole property of PulteGroup, Inc. and its affiliates. No fee will be owing or paid to Recruiters who submit unsolicited candidates, in the event the candidate is hired by PulteGroup, Inc. or its affiliates as a result of the referral, without a written agreement between PulteGroup, Inc. and through any means other than via our Applicant Tracking System.
We are an equal opportunity employer (http://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. We will provide a reasonable accommodation to a qualified applicant with a disability that will enable the individual to have an equal opportunity to participate in the application process and to be considered for a job.
This Organization Participates in e-Verify (https://e-verify.uscis.gov/web/media/resourcesContents/E-Verify_Participation_Poster_ES.pdf)
Pulte Homes of Minnesota is an equal employment opportunity/affirmative action employer.
California Privacy Policy (https://www.pulte.com/legal/privacy-policy)
Maintains and contributes to the design of the Company’s cybersecurity Governance, Risk, and Compliance program (GRC). The GRC Analyst II plays a key role in assessing technology-related risks and ensuring compliance with relevant regulations, policies, standards, and controls designed to protect the organization’s information assets.
Learned professional who works independently with limited guidance except when dealing with unusual or complex scenarios. Provides guidance to less experienced GRC Analysts and leads process improvement efforts within the Information Security team.
Primary Job Responsibilities
Policies/Standards/Controls:
Develops and maintains cybersecurity policies, standards, and guidelines.
Implements and monitors compliance with cybersecurity control framework.
Ensures policies are up-to-date and align with industry best practices, regulatory requirements, and cyber frameworks.
Communicates policies to relevant stakeholders.
Security Awareness:
Independently develops security awareness training programs and materials.
Plans and executes cybersecurity awareness events and communication campaigns.
Develops, organizes, and delivers training sessions to employees on security policies and best practices.
Monitors and reports on the effectiveness of security awareness initiatives.
Cyber Risk Management:
Collects, analyzes, and presents cybersecurity program performance metrics and key risk indicators (KRIs).
Independently conducts regular assessments of cyber risks within applications, platforms, and processes.
Identifies risks and develops mitigation strategies and risk management plans
Manages third-party risk by assessing the security posture of external vendors and partners, implementing risk mitigation measures, and fostering secure third-party relationships.
PCI, SOX, and Privacy Compliance:
Ensures appropriate design and operating effectiveness of regulatory and PCI-DSS controls.
Manages privacy-related data subject access requests.
Monitors compliance and reports effectiveness.
Independently performs periodic gap assessments to validate compliance.
Monitors regulatory environment and performs impact assessments.
Partners with auditors and manages action plans in response to audit discoveries.
Management Responsibilities
Not applicable
Scope
Decision Impact: Individual
Department Responsibility: Single
Budgetary Responsibility: No
Direct Reports: No
Indirect Reports: No
Physical Requirements: Not applicable
Required Education/Experience
Minimum Bachelor's Degree in Cybersecurity or related field or a combination of related education and work experience in an Information Security role to equal 4 years.
Related Functional Experience: Minimum of 5 years of experience in cybersecurity or technical risk analysis.
Minimum of 3 years of experience in a GRC role.
Required Skills/Knowledge
Depth of knowledge with cybersecurity control frameworks (NIST CSF preferred)
Working knowledge of cybersecurity policy lifecycle, standards, and guidelines.
Experience with PCI-DSS and SOX
Working knowledge of data governance and privacy regulations
Experience with security awareness techniques and processes in an enterprise environment.
Exceptional written and verbal communication skills that can be adjusted to relevant audiences.
Analytic and problem-solving skills.
PulteGroup, Inc. and its affiliates do not accept unsolicited resumes from individual recruiters or third party recruiting agencies (collectively, “Recruiters”) in response to job postings. If Recruiters nevertheless submit one or more unsolicited resumes to any employee at PulteGroup, Inc. or its affiliates without a valid written agreement in place for this position, it will be deemed the sole property of PulteGroup, Inc. and its affiliates. No fee will be owing or paid to Recruiters who submit unsolicited candidates, in the event the candidate is hired by PulteGroup, Inc. or its affiliates as a result of the referral, without a written agreement between PulteGroup, Inc. and through any means other than via our Applicant Tracking System.
We are an equal opportunity employer (http://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. We will provide a reasonable accommodation to a qualified applicant with a disability that will enable the individual to have an equal opportunity to participate in the application process and to be considered for a job.
This Organization Participates in e-Verify (https://e-verify.uscis.gov/web/media/resourcesContents/E-Verify_Participation_Poster_ES.pdf)
Pulte Homes of Minnesota is an equal employment opportunity/affirmative action employer.
California Privacy Policy (https://www.pulte.com/legal/privacy-policy)