Electronic Arts

We are EA

And we make games – how cool is that? In fact, we entertain millions of people across the globe with the most amazing and immersive interactive software in the industry. But making games is hard work. That’s why we employ the most creative, passionate people in the industry.

Technology Group 

We fuel the engine that enables us to make world class games.

We power the services and platforms that inspire the world to play.

We secure our information and services that support fair play and customer trust.

We develop technology services that accelerate productivity and improve capabilities across the business.

GRC Analyst

• The IT Governance, Risk and Compliance (GRC) Analyst is responsible for supporting day-to-day activities across EA’s Security Governance, Risk and Compliance programs.
• The GRC Analyst will work under the guidance of the GRC Security Operations Manager to assist with the Third-Party Security Risk Assessment program. The job involves participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. The candidate will document assessment results, recommend corrective actions, track remediation, evaluate policy and control standard exceptions, and report to management.
• The candidate should have foundational knowledge of various multi-platform operating systems and databases. This position will also involve process improvements, overcoming barriers to success, building professional relationships across EA Security pillars, and briefing senior leaders.

Key responsibilities 

• Assist in reviewing and assessing technical security controls for third-party vendors, primarily around logical network architecture.
• Help develop and implement processes around risk identification, assessment, and remediation, including issues management, exception management, vendor risk management, policy management, and security incident and vulnerability response.
• Support GRC efforts for information risk, network security, and system security by conducting analysis and aiding in the improvement of risk management capabilities.
• Help manage EA’s policy exceptions, identifying rationale and risks underlying exception requests, evaluating the effectiveness of compensating controls, and making recommendations.
• Coordinate and participate in the creation and maintenance of IT policies and network security standards, such as network perimeter security standards and remote access.
• Participate as a subject matter expert on governance and project management teams to ensure risk and compliance are integrated into all projects and initiatives.
• Assist in coordinating the ITGC design for in-scope applications – SOX IT.

Experience and skills:

• This role requires a variety of strengths and capabilities, including:
• Bachelor’s degree or equivalent experience.
• Two (2) years' experience in information technology is preferred.
• Foundational knowledge in information technology such as hardware, networking, architecture, protocols, file systems, and operating systems. Familiarity with application and/or database development and system administration. Basic understanding of network security architectures (internal/external), firewall technologies, and knowledge of TCP/IP protocol suite (includes secure protocols)

Bonus points:

• Professional certifications in security, privacy risk management and audit areas are highly desirable, such as: CISSP, CRISC, CISM, CISA, CIPP, CIPT, CPA, CAP;
• Passionate about security.
• Experience with NIST Cybersecurity Framework
• Experience with ISO 27001

EA is an equal opportunity employer. All employment decisions are made without regard to race, color, national origin, ancestry, sex, gender, gender identity or expression, sexual orientation, age, genetic information, religion, disability, medical condition, pregnancy, marital status, family status, veteran status, or any other characteristic protected by law. EA also makes workplace accommodations for qualified individuals with disabilities as required by applicable law.