Controls & Compliance Senior Analyst-Hybrid

Who We Are

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for ten consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

Reporting to the Manager of InfoSec GRC, the Senior Analyst is responsible for supporting enterprise-wide governance, risk, and compliance strategies ensuring alignment with regulatory requirements and cybersecurity best practices. This role is responsible for performing self-assessments, control testing, issue lifecycle management, and support of the GRC program to strengthen the organization’s risk posture. This role is hybrid in office three days a week in Santa Ana, CA.

What You'll Do

• Assist with security assurance activities, including control design evaluations, walkthroughs, and control effectiveness testing aligned with regulatory and framework requirements (e.g., NIST CSF, ISO 27001, SOX, SOC2, FFIEC CAT).
• Perform testing of security controls, including coordination with internal audit, external assessors, and business stakeholders.
• Perform analysis on control activities that reduce risk, add value, and mature the control environment.
• Perform Information Security risk assessments, including risk identification, evaluation, and prioritization, to support informed decision-making and resource allocation.
• Collaborate with business units and technology teams to assess the impact and likelihood of cybersecurity threats.
• Provide support of issue lifecycle, including issue identification, root cause analysis, remediation planning, tracking, validation, and closure, ensuring timely and effective resolution of risk and compliance gaps.
• Provide subject matter expertise and guidance for Information Security policies and standards.
• Leverage GRC tools (e.g., Archer, ServiceNow GRC, LogicGate) to automate risk management workflows and enhance reporting capabilities.
• Maintain data within system of record which tracks issues, engagements, and metrics that are communicated throughout the organization.
• Support KPI/KRI’s to facilitate risk prioritization and articulation for the enterprise and senior leadership reporting.
• Assist in the development, maintenance, and implementation of GRC tools and processes to streamline and automate GRC activities.
• Develop and maintain GRC program documentation.
• Stay current on emerging threats, industry trends, and regulatory changes proactively adjust GRC strategies.
• Provide excellent customer service in support of program activities.
• Frequently interfaces with executives to resolve critical issues and to foster a productive professional network.
• Ensures the timeliness, quality, and consistency in the delivery of products and services.
• Required to perform duties outside of normal work hours based on business needs.

What You'll Bring

Knowledge and Skills/Technology Used

• BA/BS degree in Computer Information Systems, Computer Science or equivalent experience is required. Training courses, seminars, certifications, or other security related education experience preferred 
• 5+ years of experience in technology, Information Security GRC.
• Certifications such as CISM, CRISC, CISSP, or CGEIT preferred.
• Strong knowledge of Information Security and risk management frameworks (NIST, ISO, COBIT, CIS.)
• Familiarity with GRC platforms and data analytics tools for risk management.
• Experienced in managing multiple initiatives with strong organization and prioritization skills
• High attention to detail to manage, analyze and finalize artifacts and documents
• Highly developed oral and written communication skills; strong presentation skills
• Highly flexible, adapting to changes in priorities and requirements
• Team player with positive energy and good customer service skills
• Self-motivated, demonstrates initiative, and accountability of responsibilities

Salary Range: $95,350.00 - $127,125.00

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

What We Offer

By choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.