Senior GRC Cybersecurity Analyst – Remote (Part/Full‑Time) – $80,000 Annual Salary – Governance, Risk & Compliance Leadership at arenaflex

About arenaflex – Pioneering the Future of Digital Entertainment & Security

arenaflex is a global leader in creating immersive digital experiences that delight millions of fans every day. While our core business revolves around storytelling, gaming, and interactive media, we recognize that the backbone of every magical experience is a robust, secure, and compliant technology environment. Our commitment to safeguarding data, protecting intellectual property, and ensuring regulatory compliance drives us to attract top‑tier talent who can blend strategic governance with hands‑on cybersecurity expertise. As a remote‑first organization, arenaflex empowers its employees to work from anywhere in the United States while staying connected to a vibrant, collaborative community of innovators.

Position Overview

arenaflex is seeking an experienced Governance, Risk & Compliance (GRC) professional to join our Cybersecurity team as a Senior GRC Cybersecurity Analyst. This role is pivotal in guiding risk‑related activities, managing third‑party risk, and ensuring that our internal compliance frameworks align with industry standards such as ISO 27001, SOC 2, and SSAE 18. The successful candidate will act as a trusted advisor to business stakeholders, lead the execution of risk assessments, and continuously improve our security posture across the organization.

Key Responsibilities

• Third‑Party Risk Management (TPRM): Operate arenaflex’s TPRM platform to evaluate, approve, and monitor third‑party risk assessments, ensuring that all vendor engagements meet our stringent security criteria.
• Risk Assessment Coordination: Validate incoming risk assessment requests, collaborate with business owners to define scope, and drive the completion of due‑diligence questionnaires.
• Documentation & Reporting: Record findings, remediation plans, and audit evidence in arenaflex’s compliance systems; produce clear, concise reports for senior leadership.
• Stakeholder Engagement: Serve as the primary liaison between the Cybersecurity team and internal business units, answering risk‑related inquiries and facilitating risk‑acceptance decisions.
• Continuous Monitoring: Track the status of open risk items, update findings, and ensure timely closure of identified gaps.
• Process Improvement: Identify opportunities to streamline risk management workflows, propose enhancements to arenaflex’s GRC tools, and champion best‑practice adoption.
• Compliance Program Leadership: Lead the development and delivery of compliance training, communications, and awareness initiatives across the organization.
• Regulatory Vigilance: Stay current on evolving regulations, industry standards, and emerging threats; translate changes into actionable recommendations for arenaflex.
• ISO 27001 & SOC 2 Governance: Maintain and audit the organization’s ISO 27001 certification, ensuring ongoing alignment with the standard’s controls and objectives.

Essential Qualifications

• Minimum 4 years of hands‑on experience in third‑party risk management, information security, or audit & compliance tracking.
• Demonstrated expertise in risk assessment methodologies (both qualitative and quantitative) and familiarity with frameworks such as ISO 27001, SOC 2, SSAE 16/18.
• Proven ability to manage complex stakeholder relationships, influence decision‑makers, and communicate risk concepts to non‑technical audiences.
• Strong analytical and problem‑solving skills, with a track record of delivering actionable insights from large data sets.
• Excellent written and verbal communication abilities; experience preparing executive‑level presentations and reports.
• Ability to thrive in a fast‑paced, remote work environment while maintaining high levels of organization and self‑discipline.

Preferred Qualifications & Certifications

• Bachelor’s degree in Computer Science, Information Systems, Business Administration, or a related field (or equivalent professional experience).
• Professional certifications such as CISA, CRISC, CISSP, ISO 27001 Lead Implementer or equivalent.
• Experience working within a large, matrixed organization or a major accounting firm.
• Exposure to AI/ML concepts and their impact on risk management is a plus.
• Hands‑on experience with GRC platforms (e.g., ServiceNow GRC, RSA Archer, or similar).

Core Skills & Competencies

• Risk Management: Ability to assess, prioritize, and mitigate risks across technology, vendor, and business domains.
• Regulatory Knowledge: Deep understanding of privacy, data protection, and security regulations relevant to the entertainment and digital media industry.
• Project Management: Capability to plan, schedule, and execute risk‑related initiatives on time and within scope.
• Collaboration: Strong interpersonal skills to work effectively with cross‑functional teams, including legal, finance, product, and engineering.
• Technical Acumen: Familiarity with cloud environments, network security, and emerging threat vectors.
• Continuous Learning: Commitment to staying current on industry trends, new compliance frameworks, and best practices.

Why Join arenaflex?

At arenaflex, you’ll be part of a purpose‑driven culture that values creativity, integrity, and continuous improvement. Our remote‑first policy gives you the flexibility to design your own workday while staying connected through regular virtual meet‑ups, collaborative tools, and occasional in‑person events at our headquarters. We invest heavily in professional development, offering tuition reimbursement, certification sponsorship, and access to a rich library of learning resources.

Career Growth & Development

• Clear career pathways from analyst to senior manager, director, and executive leadership within the GRC and cybersecurity domains.
• Mentorship programs pairing you with seasoned security leaders across arenaflex.
• Opportunities to lead high‑visibility projects that shape the company’s risk strategy.
• Cross‑functional exposure to product, engineering, legal, and finance teams, broadening your business acumen.

Compensation, Perks & Benefits

arenaflex offers a competitive base salary of $80,000 per year, complemented by a comprehensive benefits package that includes:

• Health, dental, and vision insurance with multiple plan options.
• 401(k) retirement plan with company match.
• Generous paid time off, holidays, and sick leave.
• Flexible work schedule and remote work stipend for home‑office setup.
• Wellness programs, mental‑health resources, and employee assistance services.
• Annual performance bonus based on individual and company results.
• Employee discount on arenaflex entertainment products and services.

Work Environment & Culture

Our culture is built on the belief that “the magic happens when people feel safe, inspired, and empowered.” We foster an inclusive environment where diverse perspectives are celebrated, and every team member is encouraged to bring their authentic self to work. Collaboration is at the heart of everything we do—whether you’re brainstorming risk mitigation strategies with engineers or presenting findings to senior leadership, you’ll experience a supportive network that values your contributions.

Application Process

If you are a proactive, detail‑oriented GRC professional with a passion for protecting digital experiences, we want to hear from you. To apply, click the link below, submit your resume, and include a brief cover letter highlighting how your background aligns with the responsibilities and qualifications outlined above.

Apply Now – Join arenaflex’s Cybersecurity Team!

Closing Statement

arenaflex is committed to building a world‑class security function that safeguards the imagination of millions while enabling innovative growth. By joining our team, you will play a critical role in shaping the future of risk management and compliance for a leading entertainment technology company. Take the next step in your career—apply today and become part of the magic.