ashby

GRC Risk & Security Analyst @ DailyPay

Belfast | Remote | Full-time | Posted 67 days ago


About this role

About Us: DailyPay is transforming the way people get paid. As a worktech company and the industry’s leading on demand pay solution, DailyPay uses an award-winning technology platform to help America’s top employers build stronger relationships with their employees. This voluntary employee benefit enables workers everywhere to feel more motivated to work harder and stay longer on the job while supporting their financial well-being outside of the workplace. DailyPay is headquartered in New York City, with operations throughout the United States as well as in Belfast. For more information, visit DailyPay's Press Center.

The Role: The GRC Security Analyst is responsible for assessing, analyzing, and mitigating risks associated with the organization's information security posture. This role will play a crucial part in ensuring compliance with regulatory requirements and protecting sensitive data — both internally and across the third-party ecosystem. This includes evaluating the security posture of vendors and partners that DailyPay relies on, as well as supporting customers and partners when they assess DailyPay as part of their own vendor due diligence processes.

The GRC Security Analyst will also be responsible for assessing, analyzing, and mitigating risks associated with access to information systems, as well as the third-party vendors and partners who interact with those systems. This role will play a crucial part in ensuring the organization's compliance with regulatory requirements, managing third-party risk exposure, and protecting sensitive data across the full scope of DailyPay's internal and external relationships.

If this opportunity excites you, we encourage you to apply even if you do not meet all of the qualifications.

How You Will Make an Impact:

Risk Assessment

Analyze access privileges, segregation of duties, and other control mechanisms to identify potential risks

Conduct regular risk assessments to identify and evaluate potential threats and vulnerabilities

Analyze security controls, policies, and procedures to identify gaps and weaknesses

Develop risk matrices and prioritize risks based on likelihood and impact

Perform third-party vendor risk assessments to evaluate the security posture of new and existing vendors, ensuring they meet DailyPay's security and compliance standards

Third-Party Risk Management

Lead and support DailyPay's third-party risk assessment program, including initial onboarding assessments, periodic reviews, and offboarding of vendors

Evaluate vendor security questionnaires, SOC 2 reports, penetration test results, and other security documentation to assess risk exposure

Maintain the vendor risk register and track remediation of identified gaps or deficiencies

Serve as a point of contact for customers and partners conducting security assessments of DailyPay, responding to security questionnaires, RFPs, and due diligence requests in a timely and accurate manner

Collaborate cross-functionally with Legal, Procurement, and Engineering to ensure third-party contracts include appropriate security requirements and data protection clauses

Compliance Management

Ensure compliance with relevant regulatory and industry frameworks (e.g., SOC 2, ISO 27001, PCI DSS, SOX 404, GDPR, CCPA)

Develop and maintain compliance documentation and evidence

Policy Development and Enforcement

Assist in the development, implementation, and maintenance of information security policies including building relevant procedures to meet policy objectives

Ensure adherence to established policies and procedures by conducting regular audits and reviews

Identify and address non-compliance issues

Access Review and Certification

Oversee periodic access reviews to ensure that individuals have appropriate access privileges based on their roles and responsibilities

Certify access reviews and recommend changes as needed

Security Controls

Assist in the development, implementation, and maintenance of security controls

Review and evaluate the effectiveness of existing controls

Identify and address control deficiencies

Identity and Access Management (IAM)

Collaborate with the IAM team to ensure effective management of user identities and access privileges

Assist in the implementation and maintenance of IAM systems and processes

Incident Response

Contribute to incident response plans and procedures related to information security incidents

Assist in the investigation and remediation of security incidents

What You Bring to The Team:

3+ years of experience in a GRC or information security role

Experience with GRC and Third Party Risk Management tools

Experience in a regulated public company is preferred

Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience)

Certification in CISA or CISSP

Strong understanding of access governance principles, frameworks, and best practices

Knowledge of risk management frameworks (e.g., NIST RMF, FAIR)

Strong interpersonal and communication skills, with the ability to collaborate effectively across internal teams, engage with external vendors during risk assessments, and professionally represent DailyPay when responding to customer security inquiries and due diligence requests

What We Offer:

Competitive compensation

Opportunity for equity ownership

Private health insurance option

Employee Resource Groups

Fun company outings and events

Generous PTO Allowance

5% Pension contribution


Skills

R&D
