Kura Sushi USA is a publicly traded U.S. company established in 2008 as a subsidiary of Kura Sushi, Inc. We are an innovative, tech-interactive Japanese restaurant chain serving up the ultimate eater-tainment dining experience with a combination of premium ingredients, advanced technology, and affordable prices to create a one-of-a-kind revolving sushi dining experience.
Come join the Kura Krew!
We have an exciting opportunity for an IT GRC Analyst to join our growing team. As the IT GRC Analyst, you will assist the IT GRC Manager in providing guidance and assistance to cross-functional peers and senior management in designing, implementing and administering IT solutions used throughout Kura Sushi’s business, as well as assisting in developing/implementing strong cybersecurity practices. The IT GRC Analyst will assist the IT GRC Manager in managing the Company’s relationships with several outsourced IT compliance service providers and assist in establishing a scalable and compliant IT environment to support the Company’s technology landscape. Additionally, the IT GRC Analyst will gain comprehensive knowledge of the Company’s disparate information systems to help management identify and deliver efficient, integrated, customer-first IT solutions across the organization relating to enterprise governance and compliance activities. The IT GRC Analyst will require proficient knowledge and understanding of end-to-end business processes, security frameworks (including domains such as access management and data protection), regulatory compliance (e.g., SOX, PCI, etc.) and technology standards, procedures, and guidelines; and will possess proficient knowledge of administrative and technical security control assessments and be able to assist the IT GRC Manager in preparing and communicating compliance issues.
This role is a hybrid role. The selected candidate must be able to come to the office in Irvine, CA on in-office days and as needed to carry out necessary functions of the role.
ESSENTIAL DUTIES:
- Assists in building a strong IT compliant environment including guiding and mentoring direct and indirect team members.
- Assists cross-functional members in implementing processes such as IT governance, risk, and compliance activities to automate and facilitate continuous monitoring of information security controls, exceptions, risks, and testing.
- Assists in liaising with Internal Audit members to ensure appropriate controls over IT design while assisting the IT GRC Manager with the IT Director and cross-functional members to facilitate operational efficiencies relating to:
  - Systems Development Life Cycle (SDLC) - New and existing systems
  - Security management
  - Change management
  - Cybersecurity
  - Other IT activities
- Assists in developing reporting metrics and dashboards, and in obtaining and retaining evidence.
- Assists the IT GRC Manager in providing guidance to the IT Director for building the organization’s cybersecurity strategy to ensure the Kura IT team is proactively identifying/addressing relevant security gaps, remaining compliant with internal policies and external regulatory requirements, and improving our overall security posture and program.
- Collaborates with cross-functional business and technology teams to ensure security strategies and initiatives are aligned with business objectives.
- Assists the IT GRC Manager in providing guidance to the IT Director in developing the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations.
- Assists in facilitating and monitoring compliance related to the SDLC, security and change management processes.
- Facilitates the coordination, development and implementation of security awareness compliance programs and education.
- Assists the IT GRC Manager in managing, coordinating, and partnering with business units during the systems development life cycle activities and analyzes new processes to ensure they are properly implemented.
- Assists in evaluating IT process deficiencies and makes recommendations for design improvements.
- Assists the IT GRC Manager in providing guidance to the IT Director in the development of IT policies and procedures, ensures they are aligned with company goals and updated as necessary, and ensures IT documentation meets company standards and applicable regulatory requirements.
- Presents issues of IT non-compliance.
- Attends continuing professional education to keep abreast of IT regulations, emerging risks and strategies.
- Assists the IT GRC Manager in presenting progress and initiatives on a monthly basis based on annual plan.
- Performs other projects assigned by the IT GRC Manager.
- Seeks ongoing improvement or more cost-efficient and effective solutions in work processes of the department.
- Researches and develops resources that create timely and efficient workflow.
- Performs special projects and other miscellaneous duties as assigned by executive management or supervisor.
- Follows up to complete any assigned work.
- Maintains high ethical standards in the workplace.
- Reports all irregular issues and problems to supervisor.
- Maintains good communication with all Kura team members and outside parties.
- Complies with and maintains confidentiality of all company policies and procedures.
- Maintains a clean and safe working area.
QUALIFICATIONS AND EDUCATION/EXPERIENCE
- Bachelor's degree in computer science, information technology, or a related field with at least 3 years of related GRC experience.
- Ability to work under pressure.
- Excellent analytical and troubleshooting skills.
- Demonstrates ability to articulate business cases for identified technology solutions.
- Communicates confidently with executive management, corporate support personnel, cross-functional peers, and product/services providers at appropriate technical levels for each and liaises with Internal Audit to ensure appropriate IT General Controls (ITGC).
- 3 or more years of experience in information technology for multi-location restaurant and/or retail businesses.
- Familiar with dashboard creation.
- Familiarity with security auditing processes.
- Experience performing information security audits or risk assessments.
- Skills in documenting risk and compliance activities.
- Excellent leadership and people management skills.
- Strong technical background.
- Information security related training or certifications such as CISSP or CRISC.
PAY RANGE: $75,000 - $90,000/yr. DOE.