Security GRC Analyst I

Here at Scout Motors, we're carrying forward the heritage of one of the most iconic American vehicles in history. A vehicle dating back to 1960. One that forged the path for future generations of rugged SUVs and will do so once again.

But Scout is more than just a brand, it’s a legacy steeped in a culture of exploration, caretaking, and hard work.

The Scout brand is all about respect. Respect for the environment by developing electric vehicles with the capability to get you to any location. Respect for the past and the future by taking an iconic American brand that hasn’t been around for a while, electrifying it, digitizing it, and loading it with American innovation. Respect for communities by creating a company that stands for its people and its customers. And respect for both work and play, with vehicles that are equally at home at a camp site, a job site, or on a Tuesday commute.

At Scout Motors, we empower our talented, inclusive, and entrepreneurial teams to innovate. What makes a Scout employee? Someone who is a visionary and a leader, who seeks new paths and shares lessons learned. A knowledgeable doer who collaborates across the company to build better. A go-getter with unrivaled passion.

Join us at Scout Motors and be part of shaping the future of transportation. If you're ready to drive change and make history, apply now!

Summary 

Scout Motors Inc. (Scout) is hiring a Security Governance, Risk, and Compliance Analyst I that will be responsible for assisting in the development and management of various elements of security governance, risk, and compliance, along with customer trust and privacy. This role will require eagerness and enthusiasm to learn, grow, and build GRC functions/programs alongside senior team members to meet the objectives of the Security Organization. Our ideal candidate for this role will be someone who has 1-3 years of experience in the GRC, customer trust, and privacy space and wants to continue to learn and grow across the GRC space while working for a promising and exciting startup. Additionally, this team member needs to be analytical, data driven, and forward thinking to ensure the privacy, trust, or GRC functions are built to scale the business. This role will be an individual contributor (IC) role with potential for advancement and people management.

What you’ll do

Become part of an iconic brand that is set to revolutionize the electric pick-up truck & rugged SUV marketplace by achieving the following:

• Assist in the development, annual review, and off-cycle requests for security policy and standards.
• Assist in the development and operation of cyber risk management programs, driving the documentation and management of risk treatment.
• Assist in the execution of cyber risk assessments for business processes, technology, and products.
• Provide guidance for the risk treatment/management process to risk owners and team members.
• Help to build functions for the engagement of privacy, trust and GRC programs with customers, employees, and stakeholders to enable “Security-as-a-service” principles and goals.
• Assist in the buildout and management of the GRC tooling and associated data.
• Manage external audits by customers and certification bodies through the audit lifecycle.
• Assist with security IT audits to include evidence lifecycle management, control walkthrough scheduling and execution, and the documentation and management of control corrective action plans.
• Assist with and manage the development of security compliance programs for industry security frameworks (SOX ITGCs, AICPA TSC [SOC 2], ISO 27001//27701/21434, TISAX, GDPR, CPRA, NIST CSF, etc.).
• Make recommendations to management regarding programs, processes, etc.
• Provide support and mentor others on the team, sharing insights, knowledge, and experience.
• Engage in team-building events, community engagement, team off-sites, peer-review & management review cycles and activities.

Location & Travel Expectations:

• This role will be based out of the future Scout Motors corporate headquarters, which is anticipated to be identified in 2025. This role may be remote to start but will transition to an in-office setting at the headquarters after the location is determined. This role is not eligible for remote work in New York City.
• The responsibilities of this role require attendance in office with in-person meetings and events regularly. 
• Applicants should expect that the role will require the ability to convene with Scout colleagues in person and travel to participate in events on behalf of the company from time to time.

What you’ll bring 

We expect all Scout employees to have integrity, curiosity, resourcefulness, and strive to exhibit a positive attitude, as well as a growth mindset. You’ll be comfortable with change and flexible in a fast-paced, high-growth environment. You’ll take a collaborative approach to achieve ambitious goals. Here's what else you'll bring: 

• Bachelor’s degree in computer science, Information Systems Management, Cybersecurity, Information Assurance or related field or equivalent relevant experience.
• 1-3 years of technical professional experience in IT audit, IT risk management, or security governance.
• Experience in assessing the effectiveness of information security controls (test of design, test of effectiveness, etc.).
• High-level understanding and experience in security risk management activities (risk analysis, risk assessments, risk reporting, treatment etc.).
• Experience across multiple security domains (access management, change management, security operations, etc.).
• Strong knowledge of at least one industry accepted information security frameworks (e.g. SOX ITGCs, AICPA TSC [SOC 2], TISAX, ISO 27001, GDPR, CCPA, NIST CSF, etc.).
• Experience with public cloud hosting providers (AWS, Azure, and/or GCP).
• Experience supporting GRC functions within third-party tooling platforms (RSA Archer, Standard Fusion, ServiceNow, Hyperproof, etc.).
• Strong working knowledge of Microsoft Office and Google Workspace.
• Desire to obtain one or more industry accepted information security certifications (CISA, CISSP, CRISC, CCSK, CIPPP, etc.).
• Strong communication and critical thinking skills, attention to detail, and experience collaborating cross-functionally with stakeholders

What you'll gain

The benefits of joining Scout include the chance to build products and a company from the ground up.  This is a chance to create something new and lasting – with an iconic brand at its foundation.  In addition, Scout provides competitive compensation and benefits to support your physical, mental, and financial wellbeing. Program specifics are detailed in company policies and employee benefit guides, select highlights:

• Competitive insurance including:
  • Medical, dental, vision and income protection plans
• 401(k) program with:
  • An employer match and immediate vesting
• Generous Paid Time Off including:
  • 20 days planned PTO, as accrued
  • 40 hours of unplanned PTO and 14 company or floating holidays, annually
  • Up to 16 weeks of paid parental leave for biological and adoptive parents of all genders
  • Paid leave for circumstances related to bereavement, jury duty, voting time, or military leave

Pay Transparency

This is a full-time, exempt position eligible to receive a base salary and to participate in an annual performance bonus program. Final salary offered will be determined based on factors including but not limited to the candidate's skills and experience. The annual performance bonus program is preset and not candidate dependent.

Initial base salary range = $90,000.00 - $112,500.00

Internal leveling code: IC10

Notice to applicants:

• Residing in San Francisco: Pursuant to the San Francisco Fair Chance Ordinance, Scout Motors will consider for employment qualified applicants with arrest and conviction records. 
• Residing in Los Angeles: Scout Motors will consider for employment qualified applicants with criminal histories in a manner consistent with the Los Angeles Fair Chance Initiative for Hiring Ordinance. 
• Residing in New York City: This role is not eligible for remote work in New York City.

 

Equal Opportunity

Scout Motors is committed to employing a diverse workforce and is proud to be an Equal Opportunity Employer. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, disability, pregnancy, or any other characteristics protected by law. Scout Motors is committed to compliance with all applicable fair employment practice laws. If you require reasonable accommodation to complete a job application, pre-employment testing, or a job interview or to otherwise participate in the hiring process, please contact ScoutAccommodations@scoutmotors.com.