At Shutterfly, we make life’s experiences unforgettable. We believe there is extraordinary power in self-expression. That’s why our family of brands helps customers create products and capture moments that reflect who they uniquely are.

This is an exciting time to join Shutterfly’s Information Security team and play a key role in advancing the Information Security Program. As an Information Security Governance Risk and Compliance (GRC) Analyst, you will assist with projects related to compliance, risk management, third-party risk, privacy support, policy evolution, and security awareness. Your contributions will elevate Shutterfly’s GRC capability.

Responsibilities include overseeing information security practices, reviewing risk assessments, and ensuring compliance with regulatory standards. Collaborating with teams, you'll strengthen the company's security posture while safeguarding sensitive data and assets. Active participation in third-party risk management is essential, involving assessments of external vendors and partners. Additionally, you'll handle security questionnaires and assessments from external parties, showcasing our commitment to maintaining a robust security environment. This will be a hybrid position.

What You’ll Do Here: 

  • Assist in executing project tasks related to compliance, risk management, third-party risk, privacy support, policy evolution, and security awareness.
  • Actively participate in third-party risk management by assessing the security posture of external vendors and partners, implementing risk mitigation measures, and fostering secure third-party relationships.
  • Handle security questionnaires and assessments from external parties, providing accurate and timely responses to demonstrate Shutterfly’s commitment to maintaining a robust security environment.
  • Conduct phishing training and champion awareness for employees, equipping them with the knowledge and skills to identify and respond effectively to potential phishing attempts, thereby bolstering the organization's overall security resilience.
  • Engage control owners (of varying information security acumen & expertise) and key stakeholders across the organization to collect and test evidence and assess compliance with various compliance requirements (e.g. HITRUST, SOC2/Type II).
  • Proactively stay informed of industry and media research to keep current on the latest security issues, threats, and technical capabilities.

The Skills You’ll Bring: 

  • 1-3 years of Information Technology and/or Information Security experience focusing on compliance assessments, risk assessments, and/or technology audits
  • Demonstrated familiarity with a broad range of technical concepts: logical access control, network security, encryption, application security, and privacy
  • Strong organizational skills with ability to thrive in a sense-of-urgency environment, leveraging best practices, and approaching any problem as a team-player with a can-do attitude
  • Strong written and verbal communication skills and ability to interface with all levels of business and executive leadership
  • Familiarity with compliance frameworks such as PCI, SOC2/Type II, HIPAA, HITRUST, CCPA, GDPR and industry frameworks including ISO 27001/2, NIST CSF, etc.

It is helpful, but not required, to have:

  • Bachelor of Science and/or Master’s in CIS/MIS/CS/CE, Engineering/Technology or related field or equivalent experience/training
  • Experience interpreting results of scanning tools such as Qualys or Nessus as they pertain to documenting information security risk(s)
  • Information security consulting experience or substantial cross-functional responsibilities.
  • CISSP, CISA, CISM, GIAC or equivalent, proven experience and desire to achieve one or more of these certifications in the near future.
  • AWS Cloud Practitioner Certification and/or desire to achieve this certification within 6 months of hire.

Supporting a diverse and inclusive workforce is important to Shutterfly not only because it directly reflects our value of Embracing our Differences, but also because it’s the right thing to do for our business and for our people. Learn more about our commitment to Diversity, Equity and Inclusion at Shutterfly DE&I.

This position will accept applications on an ongoing basis until filled.