
Senior Security Analyst - GRC at Fullsteam

Location: US-GA-Remote, United States

It's fun to work in a company where people truly BELIEVE in what they're doing!

Fullsteam is a leading provider of vertical software and embedded payments technology dedicated to helping businesses flourish by providing their customers with seamless experiences. With a dynamic and growing team of over 1,900 employees, we are committed to driving innovation and delivering best-in-class software and payment solutions that empower small and medium-sized businesses across numerous industries. Our purpose is to help our customers grow their businesses and delight their customers. Join us and be a part of a forward-thinking company that values growth, excellence, and the success of our clients.

The Information Security team is part of the Legal, Risk and Compliance organization at Fullsteam, responsible for data and cyber security.

We are seeking a highly skilled and motivated Security Generalist with expertise in Governance, Risk, and Compliance (GRC) to join our dynamic team. The ideal candidate will play a crucial role in ensuring the organization's security controls align with best practices. This role is responsible for identifying and mitigating risks across Fullsteam and its portfolio of business units, ensuring compliance with regulatory and industry standards (such as PCI DSS, HIPAA, SOC 2), and strengthening Fullsteam's third-party risk management programs. A comprehensive understanding of security governance, risk management, and compliance frameworks, as well as a general understanding of other security areas, is needed. The Senior Security Analyst - GRC is a key role in Fullsteam's rapidly growing GRC team, focused on risk management across our business units.

Primary Responsibilities:

Risk Management
Conduct risk assessments to identify and evaluate potential threats and vulnerabilities.
Collaborate across the organization with stakeholders to evaluate risk impact, define mitigation plans, and align with enterprise risk requirements.
Maintain and enhance the risk register and risk treatment workflows.

Compliance
Stay abreast of relevant laws, regulations, and industry standards related to information security (including PCI DSS, HIPAA, SOC 2).
Conduct compliance assessments and ensure adherence to applicable security requirements.
Assist in audits and control mapping.

Vendor Management
Evaluate and assess the security controls of third-party vendors to ensure compliance with security standards, tracking risk issues and managing remediation efforts through completion.
Collaborate with procurement, legal, information technology, and business units to ensure vendors align with security policies and contract obligations.

Training and Awareness
Develop and deliver security awareness programs to educate employees on security best practices.
Provide training to staff on compliance requirements and security protocols, including compliance responsibilities, emerging threats, and secure practices.

Security Policy and Procedure Development
Draft, review, and update information security policies and procedures so that they reflect current compliance needs and trends and are communicated effectively.
Support policy adoption through cross-organizational collaboration and communication to ensure alignment.

Skills & Competencies:
Strong understanding of security and compliance frameworks (e.g., NIST CSF, ISO 27001, PCI DSS, HIPAA).
Proven experience with risk analysis, third-party risk management, and compliance programs.
Strong interpersonal skills with the ability to influence and communicate clearly with both technical and non-technical stakeholders.
Detail-oriented with excellent organizational and documentation skills.
Familiarity with security tools (e.g., GRC platforms, vulnerability scanners).
Analytical mindset with the ability to identify root causes and drive remediation efforts.

Minimum Qualifications:
Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or a related field.
5+ years of experience in information security, risk management, and/or compliance roles.
Demonstrated experience performing technical and procedural risk assessments, creating risk registers, measuring security control health, and/or reporting risks to internal stakeholders.
Hands-on experience with security tooling (such as external vulnerability scanners, cloud security tools, etc.) is preferred.
In-depth knowledge of security frameworks, standards, and regulations such as NIST and CIS.

Preferred Qualifications:
Professional certifications such as CISSP, CISA, CRISC, or CISM.
Experience in a multi-entity, fast-growing organization with SaaS and Payments offerings.
Familiarity with third-party risk management platforms and GRC tools (e.g., UpGuard, Archer, LogicGate).
Exposure to mergers and acquisitions from a security governance perspective.

Fullsteam supports an inclusive workplace that values diversity of thought, experience, and background. Fullsteam is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status, or any other status protected by federal, state, or local law.