San Francisco, California
- Strong understanding of Information Security principles and technologies
- Demonstrated conceptual, analytical, and innovative problem-solving skills
- Project management skills
- Bachelor’s Degree in Information Technology, Computer Information Systems, Risk Management, Computer Science, Cybersecurity, or equivalent
- Understanding of security controls
- Team-oriented with experience working with diverse teams
- Support security risk management, third-party risk management, security maturity assessments, cloud security governance and reporting efforts
- Lead all initial reviews of vendors, partners, and any third party request
- Develop questionnaires and lead all vendor monitoring activities to assess vendor risk
- Lead quarterly vendor program reviews, updating Critical and High risk vendors and scheduling vendor monitoring for the quarter
- Conduct capability maturity deep dive assessment and update capability maturity quarterly
- Develop and update GRC security metrics and work with other security pillars to obtain relevant risk metrics
- Assist with the continuous monitoring of security GRC functions, developing executive reporting, and performing security third party risk management
- Support security compliance and certification functions such as ISO 27001, HIPAA, HITRUST, FISMA, NIST CSF, GDPR, and SOC2
- Participate in internal security risk assessments
- Develop strong working relationships with support teams, management, and cross functional working groups
- Stay current on security industry trends, attack techniques, mitigation techniques, and security technologies
- Experience with ISO 27001, HIPAA, HITRUST, FISMA, NIST CSF, GDPR, and SOC2
- Experience in conducting security risk assessments
- Experience in developing security metrics
- Certifications such as CISSP, CISM, CISA, CRISC, or similar
LiveRamp is the data collaboration platform of choice for the world’s most innovative companies. A groundbreaking leader in consumer privacy, data ethics, and foundational identity, LiveRamp is setting the new standard for building a connected customer view with unmatched clarity and context while protecting precious brand and consumer trust. LiveRamp offers complete flexibility to collaborate wherever data lives to support the widest range of data collaboration use cases—within organizations, between brands, and across its premier global network of top-quality partners.
Hundreds of global innovators, from iconic consumer brands and tech giants to banks, retailers, and healthcare leaders turn to LiveRamp to build enduring brand and business value by deepening customer engagement and loyalty, activating new partnerships, and maximizing the value of their first-party data while staying on the forefront of rapidly evolving compliance and privacy requirements.
About The Team
The LiveRamp Security team is dedicated to building trust in the LiveRamp brand through effective data stewardship. The security program is designed to reduce risk in alignment with business goals by establishing and leading the execution of a comprehensive security strategy. Security serves to protect information and physical assets of LiveRamp by establishing the security framework (policies, standards and processes). The Security team works in collaboration with the business leads to align the security function, to deeply understand business risks and changes, foster accountability for security, and strengthen the partnership between security and business leaders.
About This Position
LiveRamp is seeking a dedicated GRC Analyst to support all aspects of our security governance, risk, and compliance program. This role will report to the Director of Security Governance, Risk, and Compliance and work with cross-functional teams and external parties to support security risk management, security governance programs and activities and advise on security compliance.
Strong understanding of Information Security principles and technologies, technical information, and security concepts.
Demonstrated conceptual, analytical, and innovative problem-solving and evaluative skills, and an ability to conduct independent research and analysis, identify issues, formulate options, and make conclusions.
Understanding of existing and emerging technologies.
Project management skills – planning, status reporting, issues resolution, risk mitigation.
Highly effective communication with all levels of the organization including senior and executive management.
Ability to deliver high-quality documentation deliverables including business requirements documents, design documents, test cases, and end user training guides.
Strong organizational, interpersonal and presentation skills.
Excellent written and oral communication skills.
Ability to multi-task and handle multiple projects at the same time.
Exceptional problem solving, critical thinking, and analytical skills.
Bachelor’s Degree in Information Technology, Computer Information Systems, Risk Management, Computer Science, Cybersecurity, or equivalent educational or professional experience/qualifications.
Understanding of security controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security).
Strong problem-solving skills, including the ability to develop innovative risk mitigation solutions that address core issues.
Team-oriented with experience working with diverse teams.
Work under the direction of the Senior Director of Global Security Governance, Risk, and Compliance in supporting security risk management, third-party risk management, security maturity assessments, cloud security governance and reporting efforts.
Lead all initial reviews of vendors, partners, and any third party request
Work closely with Source to Pay and Procurement to continuously improve the vendor onboarding process.
Develop questionnaires and lead all vendor monitoring activities to assess vendor risk
Develop vendor monitoring workflow in ZSave
Work with IT to further improve our vendor management application
Problem solve with Source to Pay, Procurement, and Data Ethics for any vendor issues
Lead quarterly vendor program reviews, updating Critical and High risk vendors and scheduling vendor monitoring for the quarter
Complete security reviews for all vendor requests and assign risk ratings
Draft and communicate “Requests for information” for all critical vendors as it relates to current vulnerabilities or other security findings
Track all vendor responses to security questions
Update vendor inventory with risk rating, approvals, date reviewed, and date types
Program manage GRC security monthly metrics
Perform security reviews for all contractor onboarding (perform risk review and flag anomalies)
Conduct capability maturity deep dive assessment and update capability maturity quarterly
Develop and update GRC security metrics and work with other security pillars to obtain relevant risk metrics
Assist with the continuous monitoring of security GRC functions, developing executive reporting, and performing security third party risk management.
Support security compliance and certification functions such as ISO 27001, HIPAA, HITRUST, FISMA, NIST CSF, GDPR, and SOC2.
Participate in internal security risk assessments.
Update the risk register continuously as risks are noted.
Update and input information in the Board report and Security Action Committee presentation
Develop strong working relationships with support teams, management, and cross functional working groups.
Manage status and reporting on activities, issues, projects, etc. to team leadership
Strengthen technical ability to understand third party security risk and mitigating/compensating controls.
Stay current on security industry trends, attack techniques, mitigation techniques, and security technologies by attending conferences, networking with peers, and other educational opportunities.
People: work with talented, collaborative, and friendly people who love what they do.
In-Office Food: enjoy catered meals, boundless snacks, and the occasional food truck.
Fun: we host in-person and virtual events such as game nights, happy hours,
Work/Life Harmony: flexible paid time off, options for working from home, and paid parental leave.
Whole Health Package: Medical, dental, vision, life, disability, long term care, accident and critical illness insurance, pre-tax accounts (health, dependent and commuter), and a family forming benefit through Carrot. Plus Milk Stork, backup child and elder care, and discount on pet insurance, mental health support (via Talkspace)
FlexPerks reimbursement program to provide flexibility and choice ($375/quarter) for fitness, emotional, financial, family, travel and entertainment, convenience and security expenses. (U.S. LiveRampers)
Savings: Our 401K matching plan—1:1 match up to 6% of salary—helps you plan ahead. Also Employee Stock Purchase Plan - 15% discount off purchase price of LiveRamp stock (U.S. LiveRampers)
RampRemote: a comprehensive program to assist you in setting up a home office that works for you
The approximate annual base compensation range is $90,000 to $102,000. The actual offer, reflecting the total compensation package and benefits, will be determined by a number of factors including the applicant’s experience, knowledge, skills, and abilities, geography, as well as internal equity among our team.
More about us:
LiveRamp’s mission is to connect data in ways that matter, and doing so starts with our people. We know that inspired teams enlist people from a blend of backgrounds and experiences. And we know that individuals do their best when they not only bring their full selves to work but feel like they truly belong. Connecting LiveRampers to new ideas and one another is one of our guiding principles—one that informs how we hire, train, and grow our global team across nine countries and four continents.