Governance Risk Compliance Analyst

Yamaha has an excellent opportunity for a Governance Risk Compliance Analyst to join our ISD team in Cypress, CA.  In this role you will collaborate closely with privacy teams, business owners, website teams, and development teams to ensure the successful implementation and management of privacy control measures and cookie consent solutions. Additionally, you will play a crucial role in our Cyber Governance, Risk, and Compliance (GRC) projects and will be a critical member of the cyber security team with involvement in other cyber security areas like Information security infrastructure, including incident response, system design reviews, as well as provide regular status and service-level reports to management.

What you'll be doing:

• Support program strategy and projects.  Work closely with business owners to explain state control requirements and objectives related to cookie consent and Global Privacy Control (GPC) and cookie consent controls.  Collaborate with website and development teams to plan, execute, and oversee projects that may include GPC activities. Facilitate communication and collaboration between different teams to ensure alignment with GRC goals.
• Identify GRC security improvement opportunities and drive business GRC requirements across North America Divisions and business units including GPC.  Maintain accurate records of compliance activities, risk assessments, and project progress. Prepare comprehensive reports and documentation for internal and external stakeholders.
• Manage project timelines, budgets, and resources effectively to ensure project success.  Define project scope, goals, and deliverables and ensure they align with business needs and compliance requirements.  Coordinate with third-party vendors and consultants as needed to support project goals.
• Conduct risk assessments and develop mitigation strategies to address potential issues.  Review contract language to ensure compliance with cyber security standards.  Stay up to date with industry trends and best practices in privacy control and cookie consent management.
• Support other cyber security team activities to ensure GRC compliance Identify opportunities for process improvement and efficiency in GRC-related activities. Collaborate with colleagues to develop and implement best practices.
• Administer GRC tools as needed to support ongoing compliance tracking and overall cyber security enterprise risk reporting.

What you'll need to be successful: 

• Bachelor’s degree in computer science, Information Technology, Telecommunications, or equivalent work experience
• Minimum of 5 years' work experience with a few of the following: networking, Intrusion Detection/Prevention Systems (IDS/IPS), identity management, endpoint security, eCloud Access Security Brokers (CASB), Security Information Event Management (SIEM), Data Loss Prevention (DLP), and encryption technologies.
• 5 or more years cybersecurity risk management and compliance experience
• 5 or more years in managing, developing, implementing, and maintaining technologies, products, and operational processes.
• Strong understanding of privacy regulations and compliance standards (e.g. CCPA, CPRA, NIST, CSF).
• Knowledge of CIS Critical Security Controls, OWASP Top 10, NIST Cybersecurity Framework, and ISO 27001/2
• Understanding of IAM concepts, including federation, authentication, authorization, access controls, access control attacks, identity, and access provisioning life cycle.
• CISSP or equivalent certification preferred.
• CRISC (Certified Risk and information Systems Control) desired
• CAP (Certified Authorization Professional) a plus
• CIPM or CIPP/e privacy certifications a plus

Knowledge, Skills and Abilities:

• Strong ability to take ownership of technical challenges, lead expert in troubleshooting, and ability to work independently.
• Proven ability to collaborate with infrastructure, application, and business groups/departments. Excellent presentation and communication skills.
• Demonstrated success in providing technical leadership, oversight, and guidance to meet corporate information security policies, practices, and standards.
• Excellent communication and interpersonal skills to work effectively with cross-functional teams and stakeholders.

Decision-Making Responsibilities:

• Collaborate with team members on overall technical cybersecurity solution.
• Manage the process of gathering, analyzing, and assessing the current and future threat landscape, as well as providing management with a realistic overview of Cyber GRC risks and threats in the enterprise environment.
• Interface with business units to consult on security requirements and drive best practices.
• Responsible to make daily decisions to support operational processes and/or project objectives.
• Responsible to make daily decisions to support cybersecurity incidents and ensure incident handling meets GRC processes and requirements.
• Responsible to make decisions to enable incident response process/procedures.
• Responsible to make decisions to escalate issues to management.

Don’t meet every single requirement? Studies have shown that women and underrepresented minorities are less likely to apply to jobs unless they meet every single qualification. At Yamaha, we understand that talent comes in various forms, as such we are dedicated to building a diverse, inclusive, and authentic workplace.  If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles!  

Pay Range: 

• $83,313 - $146,630

Yamaha intends to offer the selected candidate base pay dependent on job-related experience.  Base pay is part of Yamaha’s Total Reward program, our Talent Acquisition Team will share more details as candidates progress. 

What’s in it for you:

• 401(k) and Profit Sharing
• Fertility Benefits
• 37.5 hour work-week
• Medical, Dental, Vision
• Life and AD&D Insurance
• Wellness Program
• Short-Term Disability Coverage (for hourly roles)
• Long-Term Disability
• Student Debt Repayment Benefits
• Ability to borrow Yamaha product

Reports to:  Department Manager

Yamaha Motor Corporation, USA is proud to be an equal opportunity employer.  All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identify, national origin, veteran or disability or any other status protected by federal, state, or local law.  We celebrate diversity and are committed to creating an inclusive environment for all employees. 

#LI-AS2