Senior GRC Analyst

Rockstar Games is seeking a passionate Senior GRC Analyst to join their Security team in NYC. This full-time, in-office role involves assessing and leading information security risk, with a focus on third-party vendor management. The analyst will identify, track, report, and mitigate risks, ensuring alignment with organizational and industry standards. Responsibilities include evaluating vendor security posture, maintaining vendor inventory, defining security requirements, coordinating with stakeholders, and assisting with policy development and security awareness training.

Must Have

• Evaluate the security posture of suppliers, vendors, and third-party service providers.
• Maintain up-to-date inventory of third-party vendors and risk log.
• Recommend and define specific security requirements and guidelines for third-party vendors.
• Coordinate with business stakeholders, engineering, and IT teams to ensure appropriate access controls and secure integration.
• Assist with the development and maintenance of policies and procedures related to vendor risk management.
• Assist in the review of vendor contracts to ensure appropriate security clauses.
• Participate in the cross-functional software clearance working group.
• Support managing the security request queue.
• Assist in the delivery and continuous improvement of security awareness training.
• Bachelor's degree in Computer Science, Cybersecurity, or related.
• 5+ years of experience in information security, risk management, or cyber supply chain security.
• Industry-recognized certifications such as CISSP, CISA, CRISC.
• Ability to communicate complex technical risk in a simple and understandable manner.
• Strong knowledge and experience across information security domains.
• Deep familiarity with the performance of third party vendor risk management.
• Knowledge of industry frameworks and standards such as ISO27001, NIST, CIS.
• Familiarity with data privacy regulations (e.g., GDPR, CCPA) and diligence activities.
• Familiarity with technologies (hardware, software, protocols) and network security concepts.
• Experience with third-party risk management platforms and exposure to GRC platforms.

At Rockstar Games, we create world-class entertainment experiences.

Become part of a team working on some of the most rewarding, large-scale creative projects to be found in any entertainment medium - all within an inclusive, highly-motivated environment where you can learn and collaborate with some of the most talented people in the industry.

Rockstar is on the lookout for a passionate Senior GRC Analyst who will work with business and technical stakeholders to help assess and lead information security risk. Using your cross-domain cybersecurity expertise, you will help identify, track, report, and mitigate risks. Your focus will be on third party vendor management that aligns with organizational and industry standards.

This is a full-time, in-office position.

WHAT WE DO

• The Rockstar Games Security team is responsible for advancing the state of information security across the company globally in collaboration with numerous partners and stakeholders by prioritizing and executing security initiatives that drive down risk.
• We strive to understand the threat landscape affecting our development studios, the gaming industry, and the world at large to define information security policies, standards and procedures to safeguard our business and protect our players.
• We lead efforts to build enterprise security controls ranging from endpoint protection technologies to security incident and event monitoring solutions.
• We have a passion for identifying threats and vulnerabilities, and coming up with clever solutions to mitigate or remediate those risks.

RESPONSIBILITIES

• Evaluate the security posture of suppliers, vendors, and third-party service providers in coordination with relevant risk functions to identify potential vulnerabilities and threats.
• Maintain up-to-date inventory of third-party vendors and risk log, perform follow-up activities, and engage with stakeholders.
• Recommend and define specific security requirements and guidelines for third-party vendors, proposing controls and mitigation strategies, and validating the implementation of these controls.
• Coordinate with business stakeholders, engineering, and IT teams to ensure appropriate access controls, secure implementation and/or integration with third-party systems and services.
• Assist with the development and maintenance of policies and procedures related to vendor risk management tailored to the company's strategic objectives and regularly updated based on evolving threats and regulations.
• Assist in the review of vendor contracts to ensure appropriate security clauses and requirements are included.
• Participate in the cross-functional software clearance working group to review and assess new software requests.
• Support managing the security request queue, ensuring timely review of incoming requests, alerts, and incidents.
• Assist in the delivery and continuous improvement of security awareness training for new hires by reinforcing security standards and serving as a resource for employee questions.

REQUIREMENTS

• Bachelor's degree in Computer Science, Cybersecurity, or related.
• 5+ years of experience in information security, risk management, or cyber supply chain security.
• Industry-recognized certifications such as CISSP, CISA, CRISC or other relevant certifications.
• Ability to communicate complex technical risk in a simple and understandable manner.
• Strong knowledge and experience across information security domains.
• Deep familiarity with the performance of third party vendor risk management, including methodologies, pitfalls, success factors, and the improvement of associated processes.
• Knowledge of industry frameworks and standards such as ISO27001, NIST, CIS, and familiarity with data privacy regulations (e.g., GDPR, CCPA) and diligence activities leveraged by vendors to evidence security maturity (e.g., penetration testing methodologies).
• Familiarity with technologies — hardware, software, and protocols commonly used in applications and system-to-system communication (e.g., SAML/OAuth) and network security concepts.
• Experience with third-party risk management platforms (e.g., scorecard monitoring) and exposure to GRC platforms.

HOW TO APPLY

Please apply with a resume and cover letter demonstrating how you meet the skills above. If we would like to move forward with your application, a Rockstar recruiter will reach out to you to explain next steps and guide you through the process.

Rockstar is committed to creating a work environment that promotes equal opportunity, dignity and respect. In line with this commitment, Rockstar will provide reasonable accommodations to qualified job applicants with disabilities during the recruitment process in order for such applicants to be considered for the position for which they are applying, as well as to qualified employees to enable them to perform the essential functions of their roles. If you need more information about Rockstar’s reasonable accommodation policies or process, or need to request an accommodation, please contact the Human Resources Department.

If you’ve got the right skills for the job, we want to hear from you. We encourage applications from all suitable candidates regardless of age, disability, gender identity, sexual orientation, religion, belief, race, or any other protected category.

#LI-FT1

The pay range for this position in New York State (inclusive of New York City) at the start of employment is expected to be between the range below* per year. However, base pay offered is based on market location, and may vary further depending on individualized factors for job candidates, such as job-related knowledge, skills, experience, and other objective business considerations. Subject to those same considerations, the total compensation package for this position may also include other elements, including a bonus and/or equity awards, in addition to a full range of medical, financial, and/or other benefits. Details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, employee will be in an "at-will position" and the company reserves the right to modify base salary (as well as any other discretionary payment or compensation or benefit program) at any time, including for reasons related to individual performance, company or individual department/team performance, and market factors.

*NY Base Pay Range

$110,000—$150,000 USD