Job Summary: Maintains and contributes to the design of the Company’s cybersecurity Governance, Risk, and Compliance program (GRC). The GRC Analyst II plays a key role in assessing technology-related risks and ensuring compliance with relevant regulations, policies, standards, and controls designed to protect the organization’s information assets. Learned professional who works independently with limited guidance except when dealing with unusual or complex scenarios. Provides guidance to less experienced GRC Analysts and leads process improvement efforts within the Information Security team. Primary Job Responsibilities Policies/Standards/Controls: Develops and maintains cybersecurity policies, standards, and guidelines. Implements and monitors compliance with cybersecurity control framework. Ensures policies are up-to-date and align with industry best practices, regulatory requirements, and cyber frameworks. Communicates policies to relevant stakeholders. Security Awareness: Independently develops security awareness training programs and materials. Plans and executes cybersecurity awareness events and communication campaigns. Develops, organizes, and delivers training sessions to employees on security policies and best practices. Monitors and reports on the effectiveness of security awareness initiatives. Cyber Risk Management: Collects, analyzes, and presents cybersecurity program performance metrics and key risk indicators (KRIs). Independently conducts regular assessments of cyber risks within applications, platforms, and processes. Identifies risks and develops mitigation strategies and risk management plans Manages third-party risk by assessing the security posture of external vendors and partners, implementing risk mitigation measures, and fostering secure third-party relationships. PCI, SOX, and Privacy Compliance: Ensures appropriate design and operating effectiveness of regulatory and PCI-DSS controls. Manages privacy-related data subject access requests. Monitors compliance and reports effectiveness. Independently performs periodic gap assessments to validate compliance. Monitors regulatory environment and performs impact assessments. Partners with auditors and manages action plans in response to audit discoveries. Management Responsibilities Not applicable Scope Decision Impact: Individual Department Responsibility: Single Budgetary Responsibility: No Direct Reports: No Indirect Reports: No Physical Requirements: Not applicable Required Education/Experience Minimum Bachelor's Degree in Cybersecurity or related field or a combination of related education and work experience in an Information Security role to equal 4 years. Related Functional Experience: Minimum of 5 years of experience in cybersecurity or technical risk analysis. Minimum of 3 years of experience in a GRC role. Required Skills/Knowledge Depth of knowledge with cybersecurity control frameworks (NIST CSF preferred) Working knowledge of cybersecurity policy lifecycle, standards, and guidelines. Experience with PCI-DSS and SOX Working knowledge of data governance and privacy regulations Experience with security awareness techniques and processes in an enterprise environment. Exceptional written and verbal communication skills that can be adjusted to relevant audiences. Analytic and problem-solving skills. PulteGroup, Inc. and its affiliates do not accept unsolicited resumes from individual recruiters or third party recruiting agencies (collectively, “Recruiters”) in response to job postings. If Recruiters nevertheless submit one or more unsolicited resumes to any employee at PulteGroup, Inc. or its affiliates without a valid written agreement in place for this position, it will be deemed the sole property of PulteGroup, Inc. and its affiliates. No fee will be owing or paid to Recruiters who submit unsolicited candidates, in the event the candidate is hired by PulteGroup, Inc. or its affiliates as a result of the referral, without a written agreement between PulteGroup, Inc. and through any means other than via our Applicant Tracking System. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. We will provide a reasonable accommodation to a qualified applicant with a disability that will enable the individual to have an equal opportunity to participate in the application process and to be considered for a job. This Organization Participates in e-Verify Pulte Homes of Minnesota is an equal employment opportunity/affirmative action employer. California Privacy Policy Here at PulteGroup: We will not send correspondence from any non-PulteGroup email (for example, we will not contact you via a gmail, yahoo or outlook email address) We conduct our interviews in person or via phone or Teams/Zoom video (we would never conduct an interview via text message or Teams chat) We will not issue you a check as part of your onboarding for any reason (including for supplies, home office equipment, computers, etc.) We will not request money as part of your interview or onboarding process If you suspect you have been contacted by a scammer and would like to verify the legitimacy of an offer, please contact Recruiting@Pulte.com. PulteGroup Employee Benefits At PulteGroup, we believe that our people are what makes us a great place to work and we strive to meet their health and welfare needs with a competitive suite of benefit offerings designed for their unique lifestyles. Comprehensive, Flexible and Affordable Healthcare Coverage Options Supplemental Healthcare Coverage Opportunities PTO and Work/Life Benefits Health Advocacy and Wellness Retirement Plan with Company Match Education and Employee Assistance Programs Paid Parental Leave and Adoption Benefits Mortgage Financing Discounts through Pulte Mortgage Introduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match.