Governance Risk and Compliance Specialist

Job Description

InfoSec

What We Do

Keep Epic's networks, hardware, and people safe from security risks. Install security measures and operate software to protect systems and information infrastructure, including firewalls and encryption programs. Document issues as they arise and assess & report any impact caused.

What You'll Do

Epic Games is looking for a Governance, Risk and Compliance Specialist to help ensure the confidentiality, integrity, and availability of Epic Games' information systems. The ideal candidate will be responsible for driving and contributing to various GRC initiatives including internal compliance assessments, policy creation and alignment, third-party risk management, and security training and awareness. This role requires a driven individual who can manage multiple projects simultaneously and will thrive in a fast-paced environment.

In this role, you will
• Develop and run the internal assessments program, aligned with industry-standard internal audit frameworks and tailored to Epic's needs
• Plan and conduct internal assessments to assess the effectiveness of internal security controls and ensure alignment with both internal policy and industry best practices
• Work with teams across Epic to document, track and remediate assessment findings
• Help define and maintain a security control library in collaboration with Risk Management SMEs and other relevant stakeholders
• Help review, edit and update GRC process documentation and best practices documentation
• Help maintain Epic's security policies
• Help maintain Epic's training and awareness program Assist with industry standard alignment and certification programs

What we're looking for
• Strong knowledge of Information Security principles and industry standards
• Experience running internal compliance/assurance assessments
• Knowledge of security frameworks (CIS, NIST etc)
• Knowledge of internal audit frameworks (ISACA COBIT etc.)
• Excellent oral and written communication skills, including report writing and policy documentation
• Ability to work independently and proactively

Note to Recruitment Agencies: Epic does not accept any unsolicited resumes or approaches from any unauthorized third party (including recruitment or placement agencies) (i.e., a third party with whom we do not have a negotiated and validly executed agreement). We will not pay any fees to any unauthorized third party. Further details on these matters can be found here.

Jobcode: Reference SBJ-ro76y2-216-73-216-62-42 in your application.