Senior Governance, Risk, and Compliance (GRC) Analyst - Remote

The Opportunity:

TrueCar, Inc. is hiring a Senior Governance, Risk, and Compliance Analyst to join our Security & Compliance team. The Senior Governance, Risk, and Compliance Analyst will report to the Director, Security & Compliance and will assist in improving the overall security and compliance posture of the organization. Senior Governance, Risk, and Compliance Analysts must continually adapt to stay up-to-date on the latest security, compliance, and regulatory frameworks; the individual in this role is expected to learn and grow consistently. 

How you’ll contribute to TrueCar’s success:

• Collaborate with internal and external auditors and exam teams over internal controls, risks, documentation, and testing engagements while supporting stakeholders
• Evaluate, test, and document security solutions and controls, and work closely with other security team members to remediate risk while ensuring the business can innovate
• Work closely with business and technology stakeholders to identify, document, and implement processes to address areas of key risks
• Participate and assist with the implementation of new systems and processes to ensure continued business process improvement, operational efficiency, and industry compliance
• Support Sarbanes-Oxley (SOX) testing including coordinating with functional management personnel, internal stakeholders, and outside consultants
• Support Service Organization Control (SOC 2, Type 2) program through evidence gathering, testing, and coordination with auditors and stakeholders.
• Understand how privacy regulations and data governance models affect IT processes and compliance obligations
• Monitor evolving SOX, accounting guidance, and compliance requirements; identify relevant requirements, provide remediation plans, if necessary, and implement procedures to ensure the processes around the new requirements are in compliance 
• Work with IT stakeholders on the implementation of new systems and software solutions
• Conduct Third Party Risk Assessments before onboarding and annual reviews for critical vendors to address risks and comply with Third Party Risk Management (TPRM) best practices
• Help to develop risk assessment framework to identify, analyze and track cybersecurity risk exposures and remediation plans
• Develop and maintain IT policies, standards, and procedures including IT standard operating procedures, disaster recovery plan, and business continuity plan
• Help support the Findings Program by clearly articulating audit finding remediation deadlines to control owners, document remediation plans and 

Your Expertise:

• Proven experience in a related role
• Knowledge and experience with cybersecurity frameworks (NIST CSF/CIS),  SOC 2, internal control frameworks (COSO/COBIT), Security System Development Life Cycle and risk methodologies
• Ability to effectively build strong productive cross-functional relationships with stakeholders regarding security practices and compliance obligations
• Operational SOX experience for ITGCs & ITACs
• Knowledge of US privacy requirements
• Excellent analytical and problem-solving skills
• Outstanding listening and communication skills to enhance security posture
• Strong documentation skills, attention to detail, and demonstrated integrity and professionalism
• Experience working in the technology industry preferred
• CISA certification preferred

Base salary range: $96,00 - $128,000