Security Analyst, GRC

Security Analyst - GRC

At CDK, the Security Analyst provides comprehensive information security risk management services across the organization. The analyst is responsible for operating the current program, identifying opportunities to uplevel the program and implement identified improvements. This role involves close coordination with business stakeholders, information security governance, and other security functions to ensure robust security practices and risk management across the whole CDK Enterprise.

Key Responsibilities
Leadership & Strategy:

• Exemplify security principles and culture
• Effectively partner across security, technology, and business teams
• Be a thought leader on matters of security risk to business and technology partners

Third Party

• Support the full lifecycle of Third Party Risk Management from onboarding to offboarding
• Conduct initial and ongoing risk assessments of third-party vendors to identify potential privacy and security risks
• Request, track, and analyze vendor due diligence documentation (e.g., SIG questionnaires, SOC reports, security policies)
• Coordinate with internal stakeholders and vendors to identify, document, and monitor risk remediation efforts
• Evaluate vendor cybersecurity controls and align with the organizations risk management framework
• Collaborate with Contracts/Procurement teams on reviews related to vendor engagements

Business Continuity And Disaster Recovery

• Works with stakeholders (e.g., department managers, project managers, and systems administrators) at different levels in the organization to understand their respective resilience needs and assists with implementing practices and procedures consistent with CDK policies and standards.
• Conducts business impact analysis, facilitates creation Business Continuity & Disaster Recovery Plans, and conducts tabletop exercises.
• Develops dependency mapping models representing capabilities and relationship with the respective applications in preparation for failover projects and the creation of runbooks and DR plans.
• Partners with other IT groups to conduct service resilience and continuity risk assessments on new solutions and systems, ensuring they align with our resilience standards and reference architecture requirements.
• Helps support and maintain all disaster recovery related workstreams end to end.

Required Qualifications

• Bachelor's degree or higher in cybersecurity or a related field, or an equivalent experience.
• Minimum of 4 years of experience in security, with at least 2 years in risk assessments, BCDR, or TPRM.
• Relevant certifications such as CISM, CRISC, CISSP, and cloud certifications are highly desirable.
• Strong logical, critical thinking, and problem-solving skills.
• Extensive knowledge of Cyber Security and Risk in the context of application security (AppSec), cloud security, and IT infrastructure.

At CDK, we believe inclusion and diversity are essential in inspiring meaningful connections to our people, customers and communities. We are open, curious and encourage different views, so that everyone can be their best selves and make an impact.

CDK is an Equal Opportunity Employer committed to creating an inclusive workforce where everyone is valued. Qualified applicants will receive consideration for employment without regard to race, color, creed, ancestry, national origin, gender, sexual orientation, gender identity, gender expression, marital status, creed or religion, age, disability (including pregnancy), results of genetic testing, service in the military, veteran status or any other category protected by law.

Applicants for employment in the US must be authorized to work in the US. CDK may offer employer visa sponsorship to applicants.