GRC Security and Access Governance Analyst

About Us:
DailyPay is transforming the way people get paid. As a worktech company and the industry’s leading on demand pay solution, DailyPay uses an award-winning technology platform to help America’s top employers build stronger relationships with their employees. This voluntary employee benefit enables workers everywhere to feel more motivated to work harder and stay longer on the job while supporting their financial well-being outside of the workplace.
DailyPay is headquartered in New York City, with operations throughout the United States as well as in Belfast. For more information, visit DailyPay's Press Center.

The Role:

The GRC Security Analyst is responsible for assessing, analyzing, and mitigating risks associated with the organization's information security posture. This role will play a crucial part in ensuring compliance with regulatory requirements and protecting sensitive data.

The GRC Security Access and Governance Analyst is responsible for designing, implementing, and maintaining the frameworks and controls that govern how users — both internal and external — access DailyPay's systems, data, and infrastructure. This role sits at the intersection of security, compliance, and operations, ensuring that the right people have the right access at the right time, while protecting sensitive data and maintaining alignment with regulatory requirements.

If this opportunity excites you, we encourage you to apply even if you do not meet all of the qualifications.

How You Will Make an Impact:

Risk Assessment

• Conduct regular risk assessments to identify and evaluate potential threats and vulnerabilities

• Analyze security controls, policies, and procedures to identify gaps and weaknesses

• Develop risk matrices and prioritize risks based on likelihood and impact

• Access Governance

  • Design and maintain access governance frameworks, policies, and procedures to ensure appropriate and least-privilege access across all systems and platforms

  • Oversee user provisioning, deprovisioning, and access modification processes to ensure timely and accurate execution

  • Conduct and manage periodic user access reviews and certifications, ensuring individuals hold access privileges appropriate to their roles and responsibilities

  • Identify and remediate segregation of duties (SoD) conflicts and other access control violations

  • Partner with the IAM team to continuously improve access governance processes, tooling, and automation

  • Assist in the implementation and maintenance of IAM systems(Okta, ConductorOne) and processes

  • Certify access reviews and recommend changes as needed

• Compliance Management

  • Ensure compliance with relevant regulatory and industry frameworks (e.g. SOC2, ISO 27001, PCI DSS, SOX 404, GDPR, CCPA)

  • Develop and maintain compliance documentation and evidence

• Policy Development and Enforcement

  • Assist in the development, implementation, and maintenance of information security policies including building relevant procedures to meet policy objectives

  • Ensure adherence to established policies and procedures by conducting regular audits and reviews

  • Identify and address non-compliance issues

• Security Controls

  • Assist in the development, implementation, and maintenance of security controls

  • Review and evaluate the effectiveness of existing controls

  • Identify and address control deficiencies

• Incident Response

  • Contribute to incident response plans and procedures related to information security incidents

  • Assist in the investigation and remediation of security incidents

What You Bring to The Team:

• 3+ years of experience in a GRC or information security role

• Experience with Identity & Access Management tools

• Experience working with business process owners

• Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience)

• Strong understanding of SOX access control principles and best practices

• Knowledge of risk management frameworks

• Experience in a regulated public company is preferred

• Demonstrated ability to manage medium complex projects

• Certification in CISA or CISSP preferred

• Strong interpersonal and communication skills, with the ability to collaborate effectively

What We Offer:

• Exceptional health, vision, and dental care

• Opportunity for equity ownership

• Life and AD&D, short- and long-term disability

• Employee Assistance Program

• Employee Resource Groups

• Fun company outings and events

• Unlimited PTO

• 401K with company match

#BI-Remote #LI-Remote

Compensation Range: $73K - $109K