KUBRA is looking for a technical Senior IT Risk Analyst to join our Information Security team!

As a Senior IT Risk Analyst you will lead day-to-day governance, risk, and compliance (GRC) operations related to privacy, policy compliance, security requirements governance, and risk management functions.

You will also lead information security compliance programs and audits including, but not limited to: PCI-DSS, SOC1, SOC2, SOX, HIPAA, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations.

As a Senior Risk Analyst will also help develop risk and compliance strategies and create, improve, and monitor company's cybersecurity controls.

This is a hybrid role based out of our office in Tempe, AZ.
What you get to do every day
Update security controls and provide support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS).
Execute strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI DSS, HIPAA, NIST
Perform privacy impact assessments and conduct related ongoing compliance and regulatory monitoring activities
Help define and lead the implementation of an enterprise-wide strategy focused on the reduction of risk
Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
What kind of person should you be?
Willing to take initiative and work proactively under minimal supervision
Ability to prioritize and successfully complete tasks while working under pressure in a fast-paced environment
Multi-tasking skills with the ability to manage and balance large volumes of work
Attention to details and strong analytical skills
Team-player with strong interpersonal skills and a professional attitude
Capable of fostering strong working relationships with all levels of staff within the organization and external contacts
Ability to work with sensitive and confidential material
Strong communication skills, both written and verbal
What skills do you need?
5+ years of relevant experience in the IT risk, privacy, security, compliance or audit field
Bachelor's degree in Information Systems, Cybersecurity, or a related field
Must have strong working knowledge of Information Security best practices and standards such as (but not limited to) PCI DSS, SSAE18, SOX, ISO 27000 Series, COBIT, etc.
Experience leading and implementing privacy and compliance practices
Experience performing information security audits or risk assessments
Strong working knowledge of Privileged Access Management, Identity and Access Management, Log Collection/Monitoring/Baselining, Vulnerability, and Patch Management concepts
Strong technical understanding of firewalls, WAFs, SIEM, antivirus, IDS/IPS, and cloud concepts
Experience in administration of GRC tools

Certifications, preferred but not required:
CISSP (desired)
CISM (preferred)
CRISC (preferred)
PCIP (preferred)
Any other industry recognized certifications
What can you expect from us?
Award-winning culture that fosters growth, diversity and inclusion for all
Paid day off for your birthday
Access to LinkedIn learning courses
Continued education with our education reimbursement program
Free unlimited access to our refreshment stations (fully stocked with tea, coffee and other beverages)
Two paid days for volunteer opportunities
Well-being days!