Job Information
PulteGroup Governance, Risk & Compliance Analyst III in Atlanta, Georgia
Job Summary:
Leads the design, development, and maintenance of the Company’s cybersecurity Governance, Risk, and Compliance program (GRC). The GRC Analyst III plays a lead role in assessing technology-related risks and ensuring compliance with relevant regulations, policies, standards, and controls designed to protect the organization’s information assets.
Experienced professional competent to work at the highest level within a cyber program. Considers the current and future business environment in the design of a GRC program. Works independently with limited guidance and without supervision. Mentors and coaches less experienced GRC Analysts and leads process improvement efforts. Builds and fosters meaningful, collaborative relationships with cross-functional teams to implement necessary controls.
Primary Job Responsibilities
Policies/Standards/Controls:
Leads the development and maintenance of cybersecurity policies, standards, and guidelines.
Implements and monitors compliance with cybersecurity control framework; independently designs effective controls to protect the confidentiality, integrity, and availability of the organization’s information assets.
Leads across teams to ensure policies are up-to-date and align with industry best practices and frameworks.
Communicates policies to relevant stakeholders and serves as a subject matter expert.
Security Awareness:
Designs and develops security awareness training roadmaps, programs, and materials.
Leads the development, planning, and execution of cybersecurity awareness events and communication campaigns.
Develops, organizes, and delivers training sessions to employees on security policies and best practices.
Designs and delivers executive-level reporting for the security awareness program.
Cyber Risk Management:
Defines, collects, analyzes, and presents cybersecurity program performance metrics and key risk indicators (KRIs).
Leads regular assessments of cyber risks within applications, platforms, and processes.
Manages technology risks and develops mitigation strategies and risk management plans.
Manages third-party risk by assessing the security posture of external vendors and partners, implementing risk mitigation measures, and fostering secure third-party relationships.
Reviews contracts and consults with other departments on terms & conditions related to cyber risk.
PCI, SOX, and Privacy Compliance:
Collaborates across teams to ensure the appropriate design and operating effectiveness of regulatory and PCI-DSS controls.
Leads privacy impact assessments and related compliance and regulatory monitoring activities.
Designs compliance reporting and documentation requirements.
Leads audits and periodic gap assessments to validate compliance.
Partners with auditors and relevant stakeholders, manages action plans, and reports results to executives.
Management Responsibilities
- Not applicable
Scope
Decision Impact: Individual
Department Responsibility: Single
Budgetary Responsibility: No
Direct Reports: No
Indirect Reports: No
Physical Requirements: Not applicable
Required Education/Experience
Minimum Bachelor's Degree in Cybersecurity or related field or a combination of related education and work experience in an Information Security role to equal 4 years.
Minimum 10 years of experience in cybersecurity.
Minimum 5 years of experience in a GRC role.
Required Skills/Knowledge
Expert knowledge and experience with cybersecurity control frameworks (NIST CSF or ISO 27001 required).
Proven experience designing and implementing cybersecurity policies, controls, standards, and guidelines.
Expert knowledge and experience with PCI-DSS and SOX.
Proven experience partnering with external auditors in a publicly traded company.
Working knowledge of data governance and privacy regulations.
Experience with security awareness techniques and processes in an enterprise environment.
Exceptional written and verbal communication skills that can be adjusted to relevant audiences.
Analytic and problem-solving skills.
PulteGroup, Inc. and its affiliates do not accept unsolicited resumes from individual recruiters or third party recruiting agencies (collectively, “Recruiters”) in response to job postings. If Recruiters nevertheless submit one or more unsolicited resumes to any employee at PulteGroup, Inc. or its affiliates without a valid written agreement in place for this position, it will be deemed the sole property of PulteGroup, Inc. and its affiliates. No fee will be owing or paid to Recruiters who submit unsolicited candidates, in the event the candidate is hired by PulteGroup, Inc. or its affiliates as a result of the referral, without a written agreement between PulteGroup, Inc. and through any means other than via our Applicant Tracking System.
We are an equal opportunity employer (http://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. We will provide a reasonable accommodation to a qualified applicant with a disability that will enable the individual to have an equal opportunity to participate in the application process and to be considered for a job.
This Organization Participates in e-Verify (https://www.e-verify.gov/sites/default/files/everify/posters/EVerifyParticipationPoster.pdf)
Pulte Homes of Minnesota is an equal employment opportunity/affirmative action employer.