Security Compliance Specialist

Remote · Mid-level
🇨🇿 Czech Republic

Are you ready to keep the data of 49 million global customers safe?

Groupon’s Information Security team is seeking a Security Compliance Analyst who will support enterprise adherence to information security controls, regulations and industry best practices by leading various initiatives to protect the confidentiality, integrity and availability of our data and information systems assets.

This involves an understanding of Groupon’s business requirements and a thorough understanding of regulatory requirements (such as GDPR, PCI) for both outsourced providers and internally developed solutions and how best to meet those requirements. The Analyst will develop strong partnerships with internal business partners and external vendors to ensure customer, employee, and company information is protected at the appropriate level.

Primary responsibilities include assisting in third party vendor management reviews, implementing data loss prevention policies and procedures, and providing support for PCI compliance.

Does this sound like you?

  • Excellent verbal, interpersonal, and written communication skills
  • Excellent analytical, problem-solving and decision-making capabilities
  • Can effectively work self-sufficiently across a geographically distributed team environment with integrity
  • Is a results-oriented, high-energy person who takes pride in their work

Professional Skills & Responsibilities

  • Perform information security due diligence on third party vendors to determine the effectiveness of their controls to protect the Company’s data, identify any discrepancies and escalate all issues to management.
  • Review completed SIG questionnaires based on vendor risk and evaluate responses received from security questionnaires that align with ISO and NIST standards
  • Assisting in the risk and compliance program’s design, process re-engineering or enhancements and tool and technology implementations as applicable
  • Maintain and develop policies and procedures
  • Working directly with key business leaders to facilitate risk analysis and risk management processes, identifying acceptable levels of risk and establishing roles and responsibilities with regard to risk management for both service providers and internal solutions
  • Assist in the development of third party due diligence policies and standards which set the vendor requirements based on risk.
  • Maintain knowledge of the latest active security threats in order to understand current risks and articulate those risks to the business and vendor
  • Support various PCI Compliance initiatives
  • Support security awareness training, including phishing campaigns.
  • Ability to continually improve awareness training – provide a feedback loop, analyze input, create action plans to address gaps and increase training effectiveness

Qualifications:

  • 3+ years of experience in an IT Risk, Third Party Vendor Assessment or Information Security organization with a general understanding of Compliance, Audit, Security and Risk.
  • An understanding of Privacy regulations such as GDPR
  • Proven analytical problem-solving skills with a demonstrated ability to research problems and proactively suggest ways to better a process
  • Highly motivated with demonstrated experience managing multiple projects in a fast-paced, deadline-oriented work environment

Groupon’s purpose is to build strong communities through thriving small businesses. To learn more about the world’s largest local ecommerce marketplace, click here. You can also find out more about us in the latest Groupon news as well as learning about our DEI approach. If all of this sounds like something that’s a great fit for you, then click apply and join us on a mission to become the ultimate destination for local experiences and services.

Beware of Recruitment Fraud: Groupon follows a merit-based recruitment process without charging job seekers any fees. We've noticed an increase in recruitment fraud, including fake job postings and fraudulent interviews and job offers aimed at stealing personal information or money. Be cautious of individuals falsely representing Groupon's Talent Acquisition team with fake job offers. If you encounter any suspicious job offers or interview calls demanding money, recognize these as scams. Groupon is not responsible for losses from such dealings. For legitimate job openings, always check our official careers website at grouponcareers.com.

 

Groupon


Groupon is an experiences marketplace that brings people more ways to get the most out of their city or wherever they may be.

E-commerce
Events
Technology
