• GRC Software Security Analyst

    Location US-TX-Carrollton
    Posted Date 3 weeks ago (6/1/2018 12:45 PM)
  • Overview

    Company: G6 Hospitality

     

    POSITION SUMMARY:

    The GRC Software Security Analyst will represent the IT GRC function to ensure that information security and data privacy policies, regulations, and adopted best practices are followed throughout the G6 software development lifecycle.

      • Works to ensure that G6 program, web, and mobile code is free from known defects and is sufficiently resilient to protect the confidentiality, integrity, and availability of G6 information and information systems.
      • Develops and delivers secure software design and development training to the development teams.
      • Responsible for representing the IT GRC team in project and vendor meetings as needed.
      • Responsible for supporting Company goals and initiatives through implementation of directives, policies, procedures, quality standards, and process improvements.

     

    About G6 Hospitality

     

    Whether you’re working at our headquarters in Carrollton or at one of our Motel 6 or Studio 6 locations, you have the unique opportunity to connect and leave a positive impact on those who visit us every day, in a real and meaningful way.

     

    As an iconic brand in economy lodging, we live to serve both our guests and our team members, equally. We seek out those who have a Heart for Service and a desire to grow with our organization. We provide our team members competitive benefits, in addition to leadership coaching and development opportunities through robust training and forums. Plus, with our Operation Next Step program we are committed to honoring and supporting our veterans and military spouses by creating opportunities to take that next step in their career with us.

     

    At G6, we work hard but we make sure to show our appreciation for our team members’ contributions during our CEO Awards, Team Member Appreciation Month, Veterans Day events, in addition to providing incentives for our frontline team members.

     

    If you have a service attitude, a desire to transform your career and have an entrepreneurial spirit, we look forward to having you join our team!  

    Responsibilities

    • Develop, promote, and maintain collaborative working relationships among team members and proactively address potential issues and conflicts to ensure team members meet Key Performance Indicators
    • Create, source, plan, and provide training for development personnel on secure software design and secure coding techniques as needed
    • Keep current on emerging software threats, vulnerabilities, and exploits as well as applicable regulations
    • Execute on day-to-day deliverables that support the ongoing compliance, risk and security needs related to PCI, privacy, state and federal regulations, GDPR and other international regulations, and internal policies and procedures as they pertain to the G6 SDLC
    • Assist the QA and test teams in writing and vetting security test cases and misuse cases for new and existing software products
    • Participate as an integral part of the team, exhibiting ownership, follow through, initiative, awareness and effective communication with the IT team, various departments, and management
    • Work directly with business units to gather evidence and documentation
    • Perform compliance monitoring and reporting as needed
    • Interface with IT teams, QSA, internal audit and external auditors to assess, communicate, remediate, or mitigate areas of software risk, as needed
    • Promote awareness and help educate employees on the need to comply with regulatory requirements
    • Advise and assist the IT organization in remediation and compliance of regulatory requirements
    • Assist in recommending business solutions/alternatives for best practices and compliance/security projects
    • Conduct compliance reviews and assessments to ensure new applications/systems are not introducing new vulnerabilities and compliance issues to the environment
    • Provide current compliance regulation and information to management and applicable business units and maintain records to meet compliance requirements
    • Perform and integrate ongoing security testing and code review to improve software security
    • Assist the development teams in validating results of software code scans, vulnerability scans, and penetration tests
    • Assist the development teams in identifying remediation steps or compensating controls for found software vulnerabilities
    • Assist in troubleshooting and debugging issues that arise from security-related issues
    • Evaluate and implement third-party tools to assist in detection, prevention and analysis of software security threats
    • Hold self and others accountable for achieving results, following processes, policy and procedures and delivering high standards of accuracy and efficiency in work performed
    • Communicate changes in work activities and priorities to GRC team
    • Assist GRC team in adjusting and responding to change while maintaining personal and team effectiveness
    • Recommend improvements to processes to improve overall performance, results and customer experience; and in communication, monitoring, or enforcement of compliance standards
    • Coordinate investigations and inquiries related to software risk and compliance
    • Identify compliance issues that require follow-up or investigation to the CISO

    Qualifications

    • Bachelor's degree in computer science, management information systems or equivalent experience
    • Prior internal (IT) audit, IT compliance, or information security experience will be helpful – emphasis on software development and secure coding techniques required
    • Prior development experience with web and mobile development platforms and languages such as Java, HTML, XML, Xcode, and similar technologies required
    • Must be familiar with common web and mobile platforms such as Apache, IIS, iOS, and Android
    • Strong knowledge of PCI, GDPR, and other regulatory requirements desired (current/recent PCI knowledge is a must)
    • Must understand GDPR “Privacy by Design” concepts
    • Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, software security vulnerabilities and remediation necessary
    • Knowledge of risk and control frameworks, such as COBIT, ITIL, ISO 2700x, and NIST 800 helpful
    • Prior risk assessment experience on software development projects is required
    • Experience in assessing, quantifying, and remediating software vulnerabilities in mobile applications and web applications is essential. Must also be able to help development personnel learn to find and fix code security vulnerabilities.
    • Skill in assessing and writing security policies, standards, and procedures is desired
    • Experience with software code analysis and vulnerability scanning tools is required
    • Demonstrated ability to analyze and respond to potential software vulnerabilities and exploits desired
    • Has the ability to manage confidential information with complete integrity
    • Demonstrated technical and analytical ability
    • Strong verbal and written communications skills
    • Ability to speak to groups of development and project management personnel
    • Exhibits confidence and proper level of assertiveness when necessary while maintaining appropriate business relationships
    • Demonstrated proficiency in training or coaching others
    • Excellent organization and planning skills
    • Ability to effectively communicate at many organizational levels, including non-exempt associates, management and outside contacts
    • Ability to work effectively with both internal and external auditors and assessors

     

    To apply, please click on the application link, or send resumes to careers@g6hospitality.com
