Governance, Risk and Compliance Security Analyst II
Credit Acceptance is proud to be an award-winning company with local and national workplace recognition in multiple categories! Our world-class culture is shaped by dedicated Team Members who share a drive to succeed as professionals and together as a company. A great product, amazing people and our stable financial history have made us one of the largest used car finance companies nationally.
Our Engineering and Analytics Team Members utilize the latest technology to develop, monitor, and maintain complex practices that help optimize our success. Our Team Members value being challenged, are encouraged to express their ideas, and have the flexibility to enjoy work life balance. We build intrinsic value by partnering with all functions of our business to support their success and make strategic business decisions. We focus on professional development and continuous improvement while enjoying a casual work environment and Great Place to Work culture!
The Governance, Risk, and Compliance (GRC) Security Analyst II is responsible for supporting the security direction of the business and elevating the company's security posture. The Senior GRC Security Analyst is expected to support the security strategy of the business within new and existing information system capabilities. The position requires understanding of legacy systems and new technologies and requirements. The Senior GRC Security Analyst is also responsible for maintaining the risk register and collaborating with IT teams to effectively drive risk reduction to manage corporate risk and strengthen security posture.
Outcomes and Activities:
• This position will work from home; occasional planned travel to an assigned Southfield, Michigan office location may be required. However, this position is permitted to work at a Southfield, Michigan office location if requested by the team member
• Assist in the execution of GRC initiatives, such as security attestations (PCI, SOC 2, ISO 27001), and vendor risk management.
• Become an advocate and point of contact for security and compliance throughout the organization by articulating the value of 'security by design' practices and controls.
• Manage and execute on assigned workstreams in conjunction with GRC team members, partnering with stakeholders in the organization as well as external auditors to facilitate scoping, fieldwork, and reporting.
• Identify processes or areas with inefficiencies, partner with GRC and stakeholders to build consensus on a solution, and drive implementation and adoption.
• Implements security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances College business objectives.
• Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves CA's security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
• Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities
• Remains current on best practices and technological advancements and acts as a technical resource for security assessment and regulatory compliance.
Competencies: The following items detail how you will be successful in this role.
• Customer Empathy: Customer Empathy is the ability to understand the perspectives, pain points, and experiences of customers. It involves actively putting oneself in the customer's shoes, comprehending their needs and challenges, and using that understanding to provide a better, more customer-centric experience.
• Engineering Excellence: Engineering Excellence is about bringing great craftsmanship and thought leadership to deliver an outstanding product that delights customers and solves for the business. This involves the pursuit and achievement of high standards, best practices, innovation, and superior solutions.
• One Team: A One Team mindset refers to a collaborative approach across the organization, where individuals work together seamlessly, without boundaries, as a single, cohesive team. Shared goals, open communication and mutual support create a sense of collective purpose. This enables teams to navigate challenges and pursue shared objectives more effectively.
• Owner's Mindset: Owner's Mindset involves adopting a set of behaviors that reflect a sense of responsibility, accountability, strategic thinking, and a proactive approach to managing your domain. As an owner, you understand the business and your domain(s) deeply and solve for the right outcome for the domain(s) and the business.
Requirements:
• Bachelor's degree in computer science, Information Technology, Information Assurance or a related field (or equivalent experience).
• 2+ years of experience in Information Technology, Security Analysis, Governance, Risk and Compliance and/or Internal Audit management.
• Functional understanding of fundamental information security concepts and technology.
• Knowledge of information security risk management frameworks and compliance practices.
• Knowledge of applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations.
• Understanding of technical and organizational security vulnerabilities, threats, and risks.
• Knowledge of applying a risk-based approach to planning, executing, and reporting on audit engagements and auditing process.
• Knowledge of security project management and planning.
Preferred:
• Experience working in a highly regulated industry vertical.
• Experience working with GRC automation platforms.
• Experience performing information security audits or risk assessments.
• Experience managing compliance-driven readiness activities as well as remediation and certification efforts. (e.g., ISO 27001, HIPAA, HITRUST, SOC2, FedRAMP)
• ISACA or (ISC)2 Certification.
Knowledge and Skills:
• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication (written and verbal) and presentation skills.
• Strong work ethic with attention to detail.
• Willingness to learn and adapt as the situation arises.
• Ability to effectively communicate technical issues to diverse audiences, both in writing and verbally.
• Ability to work with cross-functional teams across organizational and cultural boundaries to achieve policy and process compliance.
• Ability to work independently and manage a fluid workload.
Targeted Total Compensation: A competitive base salary + an annual variable cash bonus will range from $89,000 to $135,000.
Final compensation within the range is influenced by many factors including role-specific skills, depth and experience level, industry background, relevant education and certifications, and geographic location.
INDENGMP
zip
LI-Remote
Benefits
• Excellent benefits package that includes 401(K) match, adoption assistance, parental leave, tuition reimbursement, comprehensive medical/ dental/vision and many nonstandard benefits that make us a Great Place to Work
Our Company Values:
To be successful in this role, Team Members need to be:
• Positive by maintaining resiliency and focusing on solutions
• Respectful by collaborating and actively listening
• Insightful by cultivating innovation, accumulating business and role specific knowledge, demonstrating self-awareness and making quality decisions
• Direct by effectively communicating and conveying courage
• Earnest by taking accountability, applying feedback and effectively planning and priority setting
Expectations:
• Remain compliant with our policies processes and legal guidelines
• All other duties as assigned
• Attendance as required by department
Advice !
We understand that your career search may look different than others. Our hiring team wants to make sure that this would be a fit not just for us, but for you long term. If you are actively looking or starting to explore new opportunities, send us your application!
P.S .
We have great details around our stats, success, history and more. We're proud of our culture and are happy to share why - let's talk!
Required degrees must have been earned at institutions of Higher Education which are accredited by the Council for Higher Education Accreditation or equivalent.
Credit Acceptance is dedicated to providing a safe and inclusive working environment for all. As part of our Culture of Compliance, we are proud to be an Equal Opportunity Employer and value our culturally diverse workforce. All qualified applicants will receive consideration for employment regardless of the person's age, race, color, religion, sex, gender, sexual orientation, gender identity, national origin, veteran or disability status, criminal history, or any other legally protected characteristic.
California Residents: Please click here for the California Consumer Privacy Act (CCPA) notice regarding the personal information Credit Acceptance may collect from you.
Play the video below to learn more about our Company culture.