Senior Information Security Compliance Analyst
Description
Technology keeps the world moving, and it's no different here at Hot Topic. We are looking to add a Senior Analyst IT Security Compliance who is responsible for implementing and maintaining the information security compliance management framework and program. This position will be part of Information Security and work with IT, e-commerce, legal and business units to meet our compliance requirements.
We are seeking a GRC (Governance, Risk, and Compliance) Analyst to support and enhance our internal security programs and processes. This role is primarily focused on owning and improving core GRC processes, including third-party risk management, access governance, and policy management.
The ideal candidate will have experience building and operating security processes that align with compliance requirements (e.g., PCI) and are sustainable in day-to-day operations, with the ability to support audits as needed.
This role will be onsite 2 days per week in our City of Industry, CA office.
Pay range is $100,000 - 115,000.
Please note the pay range for this position starts as listed in the job posting, but other factors such as an individual’s education, location, meeting the minimum job requirements for the role, training, and experience, will determine the final salary for potential new hires.
At this time, we are not able to support new employment-based visa sponsorships due to current business needs and resource limitations. Should our sponsorship capabilities change in the future, we will update our process accordingly.
WHAT YOU'LL DO:
Own and manage core GRC processes, including User Access Reviews (UAR), third-party/vendor risk management, and security policy and procedure lifecycle
Develop, maintain, and operationalize security policies, standards, and procedures, ensuring alignment with regulatory requirements and industry frameworks (e.g., PCI, NIST)
Translate policies into practical procedures and controls, partnering with IT and business teams to ensure effective implementation
Conduct internal security reviews and assessments to identify vulnerabilities, compliance gaps, and process improvement opportunities, and drive remediation efforts
Support access governance processes, ensuring appropriate access controls, least privilege, and periodic review cycles
Participate in the vendor risk assessment process, including security reviews and contract/security requirement evaluations
Prepare and deliver reports, metrics, and training/awareness programs, and act as a trusted advisor to stakeholders on security best practices and ITGC concepts
Support security audits (PCI-DSS, SOX ITGC, application controls) by coordinating evidence collection, responding to requests, and assisting with remediation planning.
WHAT YOU'LL NEED:
Minimum of 5+ years of experience in information security, GRC, compliance, IT audit, or security risk management, with exposure to security control processes and governance programs
Relevant certifications such as CISSP, CISM, CISA, CRISC, or similar are required or strongly preferred
Demonstrated experience in designing, implementing, and maintaining security controls and processes, including areas such as access governance (UAR), third-party/vendor risk management, and policy/procedure development
Strong understanding of risk management principles, including risk identification, control selection, and risk treatment
Experience supporting internal and external audits, including working with auditors, gathering evidence, and contributing to remediation efforts
Familiarity with IT General Controls (ITGC), including access controls, change management, and control validation concepts
Experience with cloud security controls across platforms such as AWS, Azure, GCP, or Oracle Cloud
Exposure to application security (web and/or mobile) concepts and controls
Bachelor’s degree in Information Security, MIS, Computer Science, Cybersecurity, or a related field (Master’s preferred)