Job Description
LOCATION: Santiago, DR
MODALITY: Remote in the Dominican Republic
SCHEDULE: Monday to Friday, 09:00 a.m. – 06:00 p.m.
POSITION OVERVIEW:
The Senior Security Analyst – GRC (Risk and Reporting) is responsible for supervising risk management processes, following up on incidents and ensuring that remediation efforts are effective. This role also involves managing security metrics and the reporting program. The position requires a detail-oriented individual, with experience in IT compliance, risk management and internal controls.
The analyst will work collaboratively with various teams to collect and evaluate evidence necessary to meet security requirements. The ideal candidate will be proactive, with strong interpersonal skills, able to take responsibility for their roles and work independently in a dynamic, fast-paced environment.
ESSENTIAL RESPONSIBILITIES/FUNCTIONS:
Management of the Risk and Incident Registry:
• Lead the development and maintenance of the Information Security risk register, ensuring that all identified risks are properly documented, evaluated and monitored.
• Follow up on incidents and action plans related to risk mitigation and compliance findings.
• Coordinate with those responsible for controls to ensure the timely resolution of incidents and deficiencies.
• Support the development and maintenance of the organizational risk appetite statement and risk tolerance levels.
Although the primary focus of the role is Risk and Reporting, the candidate will be expected to support other GRC activities as required.
ADDITIONAL ROLES AND RESPONSIBILITIES:
• Jostens Information Security Program: Support in the development, maintenance and communication of policies, standards and procedures.
• Audits/Evaluations: Facilitate audits and evaluations of IT programs and individual components to determine compliance with published standards (e.g., SOC 2, SOX, ISO 27000, PCI, among others).
• Supplier Management: Support third-party risk management as necessary.
• Training: Develop, plan, coordinate, deliver and/or evaluate training courses.
• Privacy: Coordinate with legal and IT teams on privacy-related requests.
• Incident Response: Ensure proper documentation and post-incident analysis.
POSITION REQUIREMENTS/SPECIFICATIONS:
(Base requirements for all exempt and non-exempt salaried employees of Jostens are: (i) computer proficiency and functional command of the basic MS Office suite – Word, Excel, Outlook, Microsoft Edge; (ii) good oral and written communication skills; (iii) good interpersonal skills; and (iv) ability to work both individually and in a team.)
Required:
• Advanced English
• Bachelor's degree in Administration, Accounting, Information Security, Information Systems, Cybersecurity or other related area, or equivalent work experience.
• Minimum 5 years of experience in Information Security, IT Compliance, IT Audit or related roles.
• Practical experience in risk management.
• Experience with third-party GRC/management tools (e.g., Archer, OneTrust, ZenGRC, among others).
• Solid knowledge of risk management principles, incident monitoring and risk reporting.
• Knowledge of metrics and reporting.
• Excellent analytical and problem-solving skills.
• Strong oral and written communication skills.
• Ability to work with technical and non-technical teams.
• Ability to collaborate with cross-functional teams and external partners.
• High level of attention to detail, with experience prioritizing and managing multiple projects with simultaneous demands.
Desirable:
• Certifications applicable to Information Security, Governance, Risk and Compliance (e.g., CISSP, CISA, CISM, CRISC, CRMA).
BENEFITS:
• Weekly payment
• Legally mandated medical insurance and AFP
• Supplementary health insurance
• Life insurance
• Internal bank
• Pharmacy and optical credit
• Referral program
• Growth opportunities
• 100% remote position