Governance, Risk \u0026 Compliance Analyst

FIGS is looking for an experienced Governance, Risk and Compliance Analyst to join the Cyber Security team. As a member of the Cyber Security team, you will have the opportunity to create as well as to operate. We believe that security is everyone's responsibility so you will influence and learn from as many of the people around you as you can. We also believe in transparency and the sharing of knowledge so everything we do should be defensible and documented. We are looking for someone with an established hands-on cyber GRC background in at least 2-3 environments and has seen a few good ways and a few bad ways to deploy cyber security GRC. Our ideal candidate is a critical thinker, a continuous learner, a communicator and a collaborator. You must be proficient in all steps of the risk management process and security compliance standards and tools. In this role, you will report directly to the Director of Cyber Security.

What you'll do:

• Maintain cyber security document governance including all policies, standards and procedures
• Work daily on creating/maintaining risk register, risk assessments and risk mitigation plans for cyber security with the goal of reducing the impact and likelihood of cyber security risks
• Work with other areas of the business to understand and, sometimes, own cyber risk and mitigations for cyber risk
• Work with Finance and Legal to create a third-party risk program
• Ensure Cyber risk is in line with Enterprise Risk Mgt and insurance
• Coordinate with Internal Audit department, external auditors and internal control owners to track and perform controls related to cyber security pursuant to SOX and PCI (and others in the future) compliance
• Work with Data Team to setup data classification, retention limits, destruction controls
• Contribute to DLP program based on data standards

About you:

• 8+ years of experience within cyber security governance, risk and compliance
• Working knowledge of the broader governance, risk and compliance landscape
• Experience working with third parties to assess risk and compliance with internal and regulatory standards
• Strong analytical and organizational skills that would include hands-on experience with GRC and reporting tools
• In-depth knowledge of and experience with writing and obtaining third party attestations (either SOC2 reports or ISO27001 certifications)
• Minimum of 5 years working with auditors and ensuring compliance with Sarbanes-Oxley Act
• Prior knowledge of and experience with risk frameworks
• Prior experience with documenting, assessing and changing controls to achieve compliance
• Prior experience in conducting a Business Impact Analysis
• Prior experience in documenting Business Continuity and Disaster Recovery Plans
• Any security or risk-focused certifications (e.g. CISSP, GSEC, CCSK, CCSP, CCSE, CISM, CISA, ARM, CRMP, PMI-RMP, CRISC, CIPP, CIPM, CIPT, etc).
• Bonus points if you can calculate risk
• Can be fully remote

What you'll bring:

• Proven work ethic and integrity
• Positive attitude and willingness to teach others how they like to be taught
• Desire to excel, learn, and grow with FIGS
• Aspiration to create change and make an immediate impact
• Entrepreneurial spirit and egoless nature

FIGS Compensation and Benefits

Pay Range

• At FIGS, your base salary is one part of your total compensation package. This role's base salary range is between $101,500 and $145,000. Actual base salary is determined based on a number of factors, including but not limited to your relevant skills, qualifications, and years of experience.

Additional Compensation and Benefits

• Equity: All FIGS employees have the opportunity to own shares of FIGS stock through our new-hire equity program. Additionally, FIGS provides a discount when purchasing FIGS stock voluntarily through our FIGS Employee Stock Purchase Plan
• Annual bonus: This position is eligible to participate in the FIGS annual bonus program

• Other compensation and benefits offered include:
• Comprehensive benefits and perks package focused on your well-being, including premium medical, dental and vision coverage, and full access to wellness services through Ginger, Headspace, and Gympass. 100% FIGS-sponsored life insurance and disability insurance
• Amazing 401(k) program, with a company match up to the first 6% of your contribution
• Generous paid time off - We have 11 company holidays. For salaried team members, we offer flexible vacation. For our hourly team members, we offer up to 3 weeks of accrued vacation
• Meaningful time away for baby bonding, including parental leave, new parent care meals, and a transition back to work for primary caregivers
• FIGS Friends and Family 25% off Discount for FIGS apparel
• Access to FIGS Vet, Discounted Pet Daycare, and so much more...

*Benefits eligibility is determined by hour requirements and length of service

A little bit about us...

FIGS, Inc. is a founder-led, direct-to-consumer healthcare apparel and lifestyle brand that seeks to celebrate, empower and serve current and future generations of healthcare professionals. We redefine what scrubs are by creating technically advanced apparel and products that feature an unmatched combination of comfort, durability, function and style, all at an affordable price. With the largest DTC platform in healthcare apparel, we sell our products to a rapidly growing community of loyal customers. Through these customer relationships, FIGS has built a community and lifestyle around a profession, revolutionizing the large and fragmented healthcare apparel market and becoming the industry's category-defining healthcare apparel and lifestyle brand.

Our Threads for Threads initiative is integral to our mission to improve the lives of healthcare professionals on a global scale. Founded alongside FIGS in 2013, Threads for Threads donates scrubs to healthcare professionals working in resource-poor countries around the world.