As a member of MoneyGram’s IT team, you’ll work on a variety of engaging and innovative projects. We are a global company which provides very marketable experience working in a global environment, looking at the internationalization of working in the digital areas of the business, becoming exposed to managing risk/privacy, and adhering to GDPR and all global security guidelines. We operate with a scrum model, so our teams gain a strong understanding of the business, finance, and risk components related to their work. Working in Financial Technology offers the opportunity to broadly impact products that are used.
Information Security Analyst (GRC)
What are the qualifications that will help you achieve success at MoneyGram?
- Growth Mindset
“What drew me to MoneyGram was the opportunity to work in an entirely different vertical—Financial Services, and to leverage my technical background and knowledge. I’ve learned to be successful at MoneyGram, collaboration is key. It is much easier to be successful and productive working together cross functionally than it is to work within a singular team. Different perspectives, skillsets and objectives will create better solutions in the long run.”Veronica Larson, Head of IT Service Management
How MoneyGram Works
Send Money Online.
Learn More >
Send money to bank accounts & mobile wallets.
Learn More >
MoneyGram supports ongoing professional development through continued education and on-the-job experience.
The Information Security Analyst will conduct risk assessments and analysis of existing access to systems, applications, databases, and data to ensure that access is appropriate, and separation of duties does not exist. The Information Security Analyst participates in projects and works with business units to provide requirements on implementation of controls. The incumbent will provide support of systems that are used by the team to conduct access reviews and maintain privileged accounts. This support will include configuration of systems, analysis of output from these systems, and initiating jobs from these systems.
As a member of Info Security GRC Compliance team,
- Ensures compliance in the areas of SOX, SOC, GDPR, PCI, HIPAA, and other Global Regulations by ensuring IT controls are operating effectively and controls deficiencies are tracked and remediated in timely manner.
- Conducts and/or coordinates access reviews of systems and applications with data stewards to ensure access is appropriate and separation of duties exists.
- Collaborates with development and other functional areas to address vulnerabilities within systems/applications.
- Conducts risk assessments on vendors and internal applications.
- Creates reports that are issued to the business owners and works with the business owner and vendor to address findings.
- Reports on key metrics.
- Provides support with 3rd party due diligence from customers and partners
- Acts as liaison to auditors (internal and external).
- Provides support for the control environment over the secure password vault.
- Collaborates with third party vendors on conducting penetration testing of internal and external network, as well as all identified applications and systems.
- Investigates alerts and works with business units on remediation.
- Tracks and works on remediation of audit findings.
- Coordinates connections of internal systems, applications, and databases into our Access Review and Identity Management tool to provide automation to access reviews and user provisioning.
- Monitors and enforces information privacy and security policies and procedures for cloud compliance
- Performs other duties as assigned.
- Any combination of relevant education and experience and/or related professional designations/certifications in this field is highly desirable.
Education - Minimum Required:
- BA/BS degree
- 4+ years' Information Security or equivalent experience in a distributed computing environment to include indepth knowledge of applications and systems.
- 2-4+ years’ experience in working with IT Controls in at least 2 of the following - SOX, PCI, SOC1, SOC2, ISAE 3402 or ISO 27001 reports
- 2-4 years’ IT Audit experience preferred
- Industry certification CISA, CISM, CIA, CISSP, AWS Security Cloud Certifications or working toward a certification a plus
- Experience in working in governance, risk and controls over cloud environments such as AWS, GCP, and Azure is a plus.
- Knowledge of business impact analysis methodologies.
- Significant technology experience.
- Experience working with a GRC Tool
- Strong analytical and problemsolving skills.
- Ability to adapt to potentially everchanging situations and ability to work well under pressure.
- Knowledge of policy, standards and procedure documentation, and policy maintenance.
- Ability to present self in a confident and professional manner.
- Ability to deal with all levels of individuals, internal and external.
- Experience with Microsoft Office (Word, Excel, PowerPoint, etc.)
- Excellent communication skills, both written and verbal.
- Excellent customer service skills.
- Outstanding analytical skills and ability to synthesize situations for corresponding solutions.
- Ability to communicate to technical teams in a clear, concise format.
- Self-starter; demonstrates personal initiative and willingly assumes responsibility and ownership.
- Strong organizational and time management skills.