
Senior Information Security Compliance Analyst

United States, Hot Topic HQ - City of Industry, Full-time, Senior
Tags: Security, Other, Information Security, Cybersecurity, Compliance Security Analyst

Technology keeps the world moving - It’s no different here at Hot Topic. We are looking to add a Senior Analyst IT Security Compliance who is responsible for implementing and maintaining the information security compliance management framework and program. This position will be part of Information Security and work with IT, business, e-commerce, legal and business units to meet our compliance requirements.

We are seeking a GRC (Governance, Risk, and Compliance) Analyst to support and enhance our internal security programs and processes. This role is primarily focused on owning and improving core GRC processes, including third-party risk management, access governance, and policy management.

The ideal candidate will have experience building and operating security processes that align with compliance requirements (e.g., PCI) and are sustainable in day-to-day operations, with the ability to support audits as needed.

This role will be onsite 2 days per week in our City of Industry, CA office.
Pay range is $100,000 - 115,000.
Please note the pay range for this position starts as listed in the job posting, but other factors such as an individual’s education, location, meeting the minimum job requirements for the role, training, and experience, will determine the final salary for potential new hires.
At this time, we are not able to support new employment-based visa sponsorships due to current business needs and resource limitations. Should our sponsorship capabilities change in the future, we will update our process accordingly.
  • Own and manage core GRC processes, including User Access Reviews (UAR), third-party/vendor risk management, and security policy and procedure lifecycle
  • Develop, maintain, and operationalize security policies, standards, and procedures, ensuring alignment with regulatory requirements and industry frameworks (e.g., PCI, NIST)
  • Translate policies into practical procedures and controls, partnering with IT and business teams to ensure effective implementation
  • Conduct internal security reviews and assessments to identify vulnerabilities, compliance gaps, and process improvement opportunities, and drive remediation efforts
  • Support access governance processes, ensuring appropriate access controls, least privilege, and periodic review cycles
  • Participate in the vendor risk assessment process, including security reviews and contract/security requirement evaluations
  • Prepare and deliver reports, metrics, and training/awareness programs, and act as a trusted advisor to stakeholders on security best practices and ITGC concepts
  • Support security audits (PCI-DSS, SOX ITGC, application controls) by coordinating evidence collection, responding to requests, and assisting with remediation planning.
  • Minimum of 5+ years of experience in information security, GRC, compliance, IT audit, or security risk management, with exposure to security control processes and governance programs 
  • Relevant certifications such as CISSP, CISM, CISA, CRISC, or similar are required
  • Demonstrated experience in designing, implementing, and maintaining security controls and processes, including areas such as access governance (UAR), third-party/vendor risk management, and policy/procedure development
  • Strong understanding of risk management principles, including risk identification, control selection, and risk treatment
  • Experience supporting internal and external audits, including working with auditors, gathering evidence, and contributing to remediation efforts
  • Familiarity with IT General Controls (ITGC), including access controls, change management, and control validation concepts
  • Experience with cloud security controls across platforms such as AWS, Azure, GCP, or Oracle Cloud
  • Exposure to application security (web and/or mobile) concepts and controls
  • Bachelor’s degree in Information Security, MIS, Computer Science, Cybersecurity, or a related field (Master’s preferred)

Listing Details

Posted: February 19, 2026
First seen: March 26, 2026
Last seen: April 24, 2026

Posting Health

Days active: 29
Repost count: 0
Trust Level: 25%
Scored at: April 24, 2026

Signal breakdown: freshness, source trust, content trust, employer trust