
Information Security Governance, Risk & Compliance Analyst

San Diego, California

Responsibilities

Applicants must have current authorization to work in the United States on a full-time basis.

Provide professional information security services by applying expert knowledge of Information Security Management Systems and established information security controls across both technology and business processes. Work independently to interpret requirements and recommend effective control solutions that support risk reduction and compliance objectives.

Support the development and enhancement of control management processes to ensure Encore business entities operate effective, well-evidenced information security controls that address operational risks, local regulatory and legislative obligations, corporate policies, and security best practices.

Contribute to the consistent operation and continual improvement of the Information Security Management Systems by maintaining processes, standards and quality assurance activities related to risk management, audit readiness, awareness initiatives and corrective action management. Collaborate proactively with departments to provide clear, actionable information security guidance that enables informed decisions and fosters strong working partnerships.

PRINCIPAL RESPONSIBILITIES

Implement and maintain information security policies, standards, procedures, guidelines and training materials that support the delivery of the Encore ISMS. Provide clear, actionable recommendations to promote effective governance of information security controls. Serve as a key resource for GRC activities, building effective relationships with key business stakeholders, and collaborating closely with global risk and compliance teams.

Support the effective management of Information Security risk to deliver security through clear, consistent, and prioritized communication of key vulnerabilities and recommended mitigations. Work with risk owners to support remediations required to bring residual risks in line with targets. Perform regular audits of our InfoSec controls in line with policy and our ISMS; support control owners; document evidence; report findings; recommend actions; manage remediations.

Conduct regular and ad hoc risk reviews; prepare structured analysis for senior stakeholders/risk owners; provide prioritized recommendations, with options based on clearly communicated compensating controls, their impact, and effect on residual risk. Contribute to the continuous service improvement efforts to ensure the ISMS remains effective and aligned with ISO 27001 requirements.

Apply subject-matter expertise in our chosen frameworks (ISO27001, NIST CSF and others), providing informed recommendations and sharing knowledge to support team learning and capability development. Support the operation of the NIST CSF maturity model by evaluating control performance, preparing assessment materials, and communicating results to internal stakeholders to inform improvement planning.

Escalate identified security issues within required timescales and quality standards; recommend appropriate remediating actions and track progress towards closure. Maintain and update all ISMS policies, procedures and relevant legislation; ensure ISMS documentation is up to date and accurate.

Provide GRC InfoSec support to the business outside of normal working hours in response to key incidents or event management practices.

Work collaboratively within the team, supporting other team members and covering periods of absence as required; carry out any reasonable instructions as directed by management in alignment with departmental goals.

Maintain working knowledge of data privacy laws and regulations relevant to the business.

Perform other duties as assigned.

TRAVEL REQUIREMENTS:

Domestic Travel: 25%

International Travel: 10%

MINIMUM REQUIREMENTS

EDUCATION: Bachelor's

FIELD OF STUDY: Cybersecurity, Information Technology or equivalent

EXPERIENCE: Minimum 5 years of experience in Information Security, with a strong focus on Governance, Risk, and Compliance.

CERTIFICATION(S): CompTIA Security+ or equivalent in experience.

KNOWLEDGE, SKILLS, ABILITIES, AND OTHER ATTRIBUTES:

  • Proficiency in using GRC tools and software to streamline and automate risk and compliance processes (i.e., AuditBoard)
  • Skilled in audit management and experience liaising with third party auditors
  • Able to work in a complex, global environment, actively and effectively managing relationships with other business units and stakeholders
  • Knowledge of cybersecurity principles, best practices, and industry standards 
  • Knowledge of governance, risk management, and compliance principles and practices
  • Skilled in communicating technical requirements with non-technical stakeholders
  • Strong oral and written communication skills
  • Strong problem solving and analytical skills
  • Strong time management skills, including effective responsibility prioritization
  • Strong analytical and problem-solving skills to identify and assess security risks and develop appropriate mitigation strategies
  • Knowledge of various cybersecurity frameworks such as NIST Cybersecurity Framework, ISO 27001, CIS Controls, etc.

PREFERRED QUALIFICATIONS

EDUCATION: Bachelor's

FIELD OF STUDY:  Cybersecurity, Information Technology or equivalent

EXPERIENCE: Over 5 years of experience in Information Security, with a strong focus on Governance, Risk, and Compliance.

CERTIFICATION(S):  CompTIA Security+, Certified Information Security Manager (CISM), Certified in Governance, Risk and Compliance (CGRC), Certified Information Systems Auditor (CISA).

KNOWLEDGE, SKILLS, ABILITIES, AND OTHER ATTRIBUTES:

  • Experience in technical Information Security roles a plus
  • Experience directly or indirectly managing team members
  • Strong understanding of cybersecurity principles, best practices, and industry standards
  • In-depth knowledge of governance, risk management, and compliance principles and practices
  • Ability to develop and implement risk assessment methodologies and compliance programs
  • Ability to successfully influence stakeholders in support of shared goals        
  • Fluency in Spanish or French a plus


Starting Compensation

Annual Salary: $109,600.00 - $142,300.00 (Amount based on office location, relevant experience, skills, and competencies)

If you are wondering why you should work for us, here is something to help you decide:

  • Pay and Bonuses: Earn a competitive salary. All employees are eligible for monthly incentives or annual bonus.

  • Career Progression: Grow at MCM with paid training and development programs – including our very own MCM Academy – as well as a promote-from-within philosophy.

  • Reward and Recognition: We are committed to honoring great results – ranging from informal accolades to formal company-wide awards and prizes like all-inclusive vacations.

  • Tuition Assistance: Pursue a degree or coursework related to your current role, or the role you are striving for.

  • Healthcare Insurance: Take advantage of comprehensive healthcare plans and options to ensure your continued health, plus fitness membership reimbursements, Weight Watchers, our wellness rewards program and more.

  • Volunteering Opportunities: Enjoy up to eight hours of paid time off each year to volunteer. We also offer volunteer grants and matching financial donations, up to US$ 2,500 per employee annually.

  • Retirement Savings: Build a strong financial foundation and reach your goals for the future. With all the effort you invest in us, we’re proud to invest in you.

  • New Family Support: Celebrate your new arrival with company paid leave, new parent flex time, and child back-up care options.

  • Team-building: Enjoy experiences that inspire bonds with your colleagues through a wide range of company-sponsored team-building events, such as holiday celebrations and department outings.

  • Work-Life Balance: Enjoy paid and floating holidays, as well as generous paid-time-off.

Our compensation and benefits programs were created with an 'Employee-First Approach' focused on supporting, developing, and recognizing YOU.  We offer a wide array of wellness and mental health initiatives, support volunteerism, and environmental efforts, encourage employee education through leadership training, skill-building, and tuition reimbursements, and always strive to provide promotion opportunities from within.

About Us

Headquartered in the United States, Encore Capital Group (Encore) is a publicly traded international specialty finance company operating in various countries around the globe. Through our businesses - such as Midland Credit Management and Cabot Credit Management - we help consumers to restore their financial health as we further our Mission of creating pathways to economic freedom. Our commitment to building a positive workplace culture and a best-in-class employee experience has earned us accolades including Great Place to Work® certifications in many geographies where we operate. If you have a passion for helping others and thrive at a company that values innovation, inclusion and excellence, then Encore Capital Group is the right place for you.

Encore Capital Group and all of its subsidiaries are proud to be an equal opportunity employer and are committed to fostering an inclusive and welcoming environment where everyone feels they belong. We encourage candidates from all backgrounds to apply. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, disability status, or any other status protected under applicable law. If you wish to discuss potential accommodations related to applying for employment, please contact Talent@mcmcg.com


Success Profile

What makes a successful Information Security Governance, Risk & Compliance Analyst? Check out the traits we’re looking for and see if you have the right skill level.

  • Organized
  • Goal-oriented in the business
  • Analytical
  • Quick-thinking
  • Motivational
  • Team player
