GRC Risk Analyst

About SHEIN 

SHEIN is a global online fashion and lifestyle retailer, offering SHEIN branded apparel and products from a global network of vendors, all at affordable prices. Headquartered in Singapore, with more than 15,000 employees operating from offices around the world, SHEIN is committed to making the beauty of fashion accessible to all, promoting its industry-leading, on-demand production methodology, for a smarter, future-ready industry. 

 

Position Summary

SHEIN Global Security and Risk Management (GSRM) is a global security organization that oversees security infrastructure, risk management, data privacy, business fraud, governance, and regulatory compliance across SHEIN’s global footprint. It is composed of a team of security professionals, innovators and thought leaders that have had decades of global security experience, led large scale transformations, and served in Fortune 500 executive roles.

We're seeking a full-time GRC Risk Analyst I for our Los Angeles-based corporate office, who will be a thought leader residing within our security organization. The GRC Risk Analyst will be responsible for implementing and maintaining the risk management framework and program. This position will be part of a team of governance, risk, and compliance experts and work with technology and legal partners and business units to meet our global risk management needs.

The ideal candidate should have extensive experience in conducting security risk assessments, a deep understanding of general security technologies and best practices, and practical knowledge of global data privacy laws and regulations. This role must collaborate effectively with development, engineering and operations counterparts as well as internal and external partners to identify, articulate, prioritize, manage, and monitor security risks to protect SHEIN data, services, and information assets.

 

Job Responsibilities

• Conduct security and privacy risk assessments of business units, critical projects, processes, and information assets to address threats, changes to systems and/or applications, process improvement initiatives, and other related business needs.
• Conduct third-party risk assessments including gathering information and conducting interviews to complete third-party security questionnaires, ensuring that all external partnerships meet the organization's security requirements and security reviews of third-party agreements.
• Work closely with technology and legal partners and business units to ensure appropriate security and data protection requirements are incorporated into third-party engagements.
• Document, track, monitor, and report risk assessment and risk management activities to bring appropriate visibility to stakeholders and leadership.
• Maintain a current and comprehensive understanding of relevant industry standards to incorporate into the risk management strategy, framework, and program.
• Collaboratively work with colleagues globally to develop, implement, and mature security and privacy risk, compliance, and control frameworks.

 

Job Requirements

• 5+ years of experience in security risk management, including business impact analysis, risk assessment and treatment, risk metrics and trend analysis is preferred.
• Bachelor’s degree or higher in the field of information security, engineering, computer science or equivalent advance technology field of study is preferred.
• Relevant certifications, such as CISSP, CIPP, CISM, CISA, ISO 27001 Lead Auditor are highly desired.
• Strong knowledge of security and privacy standards, regulations and guidelines such as ISO 27k, NIST, CCM, PCI DSS, GDPR, CCPA
• Experience developing and deploying risk management frameworks and programs, preferably with international experience in an e-commerce or technology related industry
• Experience with deploying GRC tools is desirable
• Practical knowledge and experience working with threat modeling frameworks such as STRIDE, MITRE ATT&CK, OCTAVE desirable
• Strong analytical and problem-solving skills
• Strong written and verbal communication skills, with the ability to translate complex and technical issues to all levels of personnel
• Detail oriented and highly organized, with the ability to thrive in a fast-paced environment and prioritize accordingly
• High level of personal integrity, with the ability to professionally handle confidential matters and exudes the appropriate level of judgment and maturity

 

Benefits and Perks 

• Bonus and RSU eligible
• Healthcare (medical, dental, vision, prescription drugs) 
• Health Savings Account with Employer Funding 
• Flexible Spending Accounts (Healthcare and Dependent care) 
• Company-Paid Basic Life/AD&D insurance 
• Company-Paid Short-Term and Long-Term Disability 
• Voluntary Benefit Offerings (Voluntary Life/AD&D, Hospital Indemnity, Critical Illness, and Accident) 
• Employee Assistance Program 
• Business Travel Accident Insurance 
• 401(k) Savings Plan with discretionary company match and access to a financial advisor  
• Vacation, paid holidays, floating holiday and sick days   
• Employee discounts 
• Free weekly catered lunch 
• Dog-friendly office (available at select locations) 
• Free gym access (available at select locations) 
• Free swag giveaways 
• Annual Holiday Party 
• Invitations to pop-ups and other company events 
• Complimentary daily office snacks and beverages

#LI-CR1