GRC (Governance, Risk & Compliance) Analyst
LivePerson (NASDAQ: LPSN) is the global leader in enterprise conversations. Hundreds of the world’s leading brands — including HSBC, Chipotle, and Virgin Media — use our award-winning Conversational Cloud platform to connect with millions of consumers. We power nearly a billion conversational interactions every month, providing a uniquely rich data set and safety tools to unlock the power of Conversational AI for better customer experiences.
At LivePerson, we foster an inclusive workplace culture that encourages meaningful connection, collaboration, and innovation. Everyone is invited to ask questions, actively seek new ways to achieve success, nd reach their full potential. We are continually looking for ways to improve our products and make things better. This means spotting opportunities, solving ambiguities, and seeking effective solutions to the problems our customers care about.
Overview:
A GRC (Governance, Risk & Compliance) Analyst is a key member of the Global Security Team supporting the execution of LivePerson’s global GRC program. The purpose of this position is to provide information security and compliance knowledge for support and implementation of the information security GRC program.
Responsibilities require knowledge to ensure effective compliance to regulations; 3rd party vendor management experience, control testing; awareness and education; and development of policies, standards and guidelines to align with the LivePerson Global Security Team’s mission - “To enable LivePerson, to be LivePerson - Securely”.
Our GRC Analysts report to the GRC leadership team and are a part of LivePerson’s highly talented and Global Security Team.
You will:
Duties and Responsibilities:
Compliance
- Collaborate with LivePerson teams to ensure we are implementing security best practices that meet relevant regulatory compliance requirements.
- Support the strategy for managing an increasing number of audits, compliance checks and assessment processes.
- Assist in the testing and analysis of the LivePerson control environment against industry and regulatory governance frameworks.
Audit
- Work with the respective audit teams to obtain necessary evidence information for audits/assessments and certifications.
- Provide guidance, evaluation and advocacy for all audit responses.
Shared Responsibilities
- Support GRC team with other standard daily processes/ticket requests, as need arises.
- Provide assistance in the 3rd Party Vendor Management program.
- Assist the team to build and manage the security awareness program. This can include sending mass email communications, validating the content of the training is sufficient, providing reports for compliance/audit requirements.
- Maintain excellent relationships with all business partners and provide a consistent perspective that continually puts LivePerson into the best security posture possible.
- Perform other duties as assigned to ensure the smooth functioning of the Global Security Team and maintain the reputation of LivePerson as a valued business partner to its customers.
You have:
-
Required Qualifications
- Minimum of 2 years experience in a compliance and or IT security environment.
- Knowledge of information security risk management frameworks and compliance practices (e.g., PCI DSS, HITRUST, SOC 2, ISO27001, NIST 800-171 etc.).
- Excellent interpersonal communication, and presentation skills, including formal report writing experience for all levels of management.
- Adept at understanding business focus and processes with the ability to inject GRC concepts into the business through teamwork and influence.
- Exceptional oral and written communication skills to be used with all levels of management, across various business units, and both internally and externally, with an ability to express information security concepts in simplified terms.
- Operate with a high degree of independence with regard to daily projects and duties as assigned.
- Candidates must be willing to undergo background checks to verify their identity, character, qualifications, skills and experience.
Preferred Qualifications
- Experience in a SaaS environment.
- College degree in Information Technology, Computer Science or a related field, or equivalent experience.
- Advanced security qualifications such as CISSP, CRISC, CISM, GIAC, CDPSE or CIPM or equivalent experience.
- Certifications and degrees are always welcomed, but don’t let not having them stop you from applying, as equivalent experience and knowledge can meet these requirements as well.
Benefits:
- Health: medical, dental, and vision
- Time away: vacation and holidays
- Development: Generous tuition reimbursement and access to internal professional development resources.
- Equal opportunity employer
- #LI-Remote
Why you’ll love working here:
As leaders in enterprise customer conversations, we celebrate diversity, empowering our team to forge impactful conversations globally. LivePerson is a place where uniqueness is embraced, growth is constant, and everyone is empowered to create their own success. And, we're very proud to have earned recognition from Fast Company, Newsweek, and BuiltIn for being a top innovative, beloved, and remote-friendly workplace.
Belonging at LivePerson:
We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants with criminal histories, consistent with applicable federal, state, and local law.
We are committed to the accessibility needs of applicants and employees. We provide reasonable accommodations to job applicants with physical or mental disabilities. Applicants with a disability who require reasonable accommodation for any part of the application or hiring process should inform their recruiting contact upon initial connection.