LTK is a global technology platform that empowers lifestyle creators to monetize their content. The Security GRC Sr Analyst I will collaborate with cross-functional teams to ensure compliance with security standards, manage risk assessments, and lead security awareness programs.
Responsibilities:
- Maintain a centralized repository of security controls and requirements
- Map internal controls to relevant regulatory frameworks and standards (e.g., SOC 2, GDPR, CCPA, PCI-DSS)
- Serve as the primary point of contact for customer security questionnaires and vendor contract reviews
- Articulate our security posture to external partners and clients to support sales enablement
- Coordinate internal and external compliance audits
- Manage the evidence collection process and track audit findings (issues) to remediation, ensuring timely closure of gaps
- Lead security risk assessments for new projects, technologies, and vendors
- Guide stakeholders through the process of identifying threats and vulnerabilities
- Maintain the corporate risk register
- Track identified risks, mitigation plans, and risk acceptance decisions so that leadership has visibility into the organization's risk landscape
- Oversee the third-party risk management program
- Assess the security posture of vendors and partners, monitoring for changes in their risk profile throughout the relationship lifecycle
- Measure and report on the overall maturity of the security program against established goals and KPIs
- Own the lifecycle of information security policies, standards, and procedures
- Review, update, and publish documentation to ensure it accurately reflects LTK's security commitments and aligns with industry best practices (e.g., NIST, ISO 27001)
- Collaborate with technical teams to translate complex security requirements into clear, accessible policy language
- Develop and deliver engaging security awareness training materials
- Orchestrate and analyze simulated phishing campaigns
- Use data from these campaigns to identify vulnerable user groups and tailor training interventions accordingly
Requirements:
- 5+ years of relevant experience in cyber security risk and compliance
- Deep understanding of common security frameworks and standards such as NIST CSF, ISO 27001, SOC 2, and PCI-DSS
- Excellent written and verbal communication skills, with the ability to explain complex security risks to non-technical stakeholders and leadership
- Bachelor's degree in Computer Science, Information Systems, Business Administration, or equivalent work experience
- Professional certifications: CISA, CISSP, CRISC, CISM
- A mindset focused on seizing opportunities and moving with urgency
- Dedication to fierce prioritization and operational excellence
- Adaptability to a dynamic, fast-moving environment
- A growth mindset and openness to feedback