GRC Analyst II (REMOTE)

At DICK’S Sporting Goods, we believe in how positively sports can change lives. On our team, everyone plays a critical role in creating confidence and excitement by personally equipping all athletes to achieve their dreams.  We are committed to creating an inclusive and diverse workforce, reflecting the communities we serve.

If you are ready to make a difference as part of the world’s greatest sports team, apply to join our team today!

OVERVIEW:

We are seeking a highly motivated GRC Analyst II to help us maintain a robust cybersecurity governance, risk, and compliance program.  The ideal candidate will play a pivotal role in reducing cybersecurity risk and maintaining technology compliance while enabling the business to serve our athletes and teammates. This position is ideal for candidates who are looking to further their career in the cybersecurity field.

Policy/Standard/Control Statement Development and Maintenance:

• Contribute to the creation and maintenance of cybersecurity control statements, policies, standards, and guidelines.

• Ensure policies are up-to-date and align with industry best practices and frameworks.

• Communicate policy changes and updates to relevant stakeholders.

Security Awareness Training:

• Assist in the development of security awareness training programs and materials.

• Assist with the planning and execution of cybersecurity awareness events and communication campaigns.

• Organize and deliver training sessions to teammates on security best practices.

• Monitor and report on the effectiveness of security awareness initiatives.

Technology Risk Assessment:

• Assist with the collection, analysis, and presentation of cybersecurity program performance metrics and key risk indicators (KRIs).

• Conduct regular assessments of technology-related risks within applications, platforms, and processes.

• Identify risks and assist in the development of mitigation strategies and risk management plans.

• Provide policy, risk, and compliance input on the design of required security measures.

PCI and SOX Compliance:

• Serve as a second line of defense to ensure appropriate design and operating effectiveness of PCI DSS and SOX controls.

• Collaborate with cross-functional teams to implement necessary controls.

• Maintain compliance documentation and reporting.

QUALIFICATIONS:

• 1-3 years of experience in cybersecurity, GRC, or technology audit

• Some working knowledge and experience with cybersecurity controls frameworks such as the NIST CSF is preferred

• Previous experience with cybersecurity policy lifecycle, control statements, standards, and guidelines is preferred

• Some knowledge of PCI-DSS and SOX technology control requirements

• Some knowledge of security awareness techniques and processes

• Effective communication skills that can be adjusted to relevant audiences

• Analytic and problem solving skills

• Ability to work effectively in a team and remote work environment

• Bachelors in Cybersecurity, MIS, Computer Science, or related field is preferred but not required

• 1-3 years of experience in cybersecurity, GRC, or technology audit

• Some working knowledge and experience with cybersecurity controls frameworks such as the NIST CSF is preferred

• Previous experience with cybersecurity policy lifecycle, control statements, standards, and guidelines is preferred

• Some knowledge of PCI-DSS and SOX technology control requirements

• Some knowledge of security awareness techniques and processes

• Effective communication skills that can be adjusted to relevant audiences

• Analytic and problem solving skills

• Ability to work effectively in a team and remote work environment

• Bachelors in Cybersecurity, MIS, Computer Science, or related field is preferred but not required