Governance and Risk Compliance Analyst

Yamaha is seeking to fill a Governance and Risk Compliance Analyst role for our facility in Marietta, GA. This role will collaborate closely with privacy teams, business owners, website teams, and development teams to ensure the successful implementation and management of privacy control measures and cookie consent solutions. Additionally, the position will play a crucial role in our Cyber Governance, Risk, and Compliance (GRC) projects and will be a critical member of the cyber security team and involvement in other cyber security areas like Information security infrastructure, including incident response, system design reviews, as well as provide regular status and service-level reports to management.

What you'll be doing:

  • Support program strategy and projects. Work closely with business owners to explain state control requirements and objectives related to cookie consent and Global Privacy Control (GPC) and Cookie Consent controls. Collaborate with website and development teams to plan, execute, and oversee projects that may include GPC activities. Facilitate communication and collaboration between different teams to ensure alignment with GRC goals.
  • Identify Governance Risk and Compliance security improvement opportunities and drive business GRC requirements across North America Divisions and Business units including General Privacy Control. Maintain accurate records of compliance activities, risk assessments, and project progress. Prepare comprehensive reports and documentation for internal and external stakeholders.
  • Manage project timelines, budgets, and resources effectively to ensure project success. Define project scope, goals, and deliverables and ensure they align with business needs and compliance requirements. Coordinate with third-party vendors and consultants as needed to support project goals.
  • Conduct risk assessments and develop mitigation strategies to address potential issues. Review Contract language to ensure compliance with company standards. Stay up to date with industry trends and best practices in privacy control and cookie consent management.
  • Support other Cyber security team activities to ensure GRC compliance Identify opportunities for process improvement and efficiency in GRC-related activities. Collaborate with colleagues to develop and implement best practices.
  • Administer GRC tools as need to support ongoing compliance tracking and overall Cyber security enterprise risk reporting.
  • Strong ability to take ownership of technical challenges, lead expert in troubleshooting, and ability to work independently.
  • Proven ability to collaborate with infrastructure, application, and business groups/departments. Excellent presentation and communication skills.
  • Demonstrated success in providing technical leadership, oversight, and guidance to meet corporate information security policies, practices, and standards.
  • Excellent communication and interpersonal skills to work effectively with cross-functional teams and stakeholders.
  • Collaborate with team members to overall technical cybersecurity solution.
  • Manage the process of gathering, analyzing, and assessing the current and future threat landscape, as well as providing management with a realistic overview of Cyber GRC risks and threats in the enterprise environment.
  • Interface with Business units to consult on security requirements and drive best practices.
  • Responsible to make daily decisions to support operational processes and/or project objectives.
  • Responsible to make daily decisions to support cybersecurity incidents and ensure incident handling meets GRC processes and requirements.
  • Responsible to make decisions to enable incident response process/procedures.
  • Responsible to make decisions to escalate issues to management.
  • Other duties as assigned.


What you need to be successful:

  • Bachelor's degree in Computer Science, Information Technology, Telecommunications, or equivalent work experience.
  • Minimum of 5 years work experience with some of the following: networking, intrusion detection/prevention systems (IDS/IPS), identity management, endpoint security, cloud access security brokers (CASB), security information event management (SIEM), data loss prevention (DLP), and encryption technologies.
  • 5 or more years cybersecurity risk management and compliance experience
  • 5 or more years in managing, developing, implementing, and maintaining cybersecurity technologies, products, and operational processes.
  • Strong understanding of privacy regulations and compliance standards (e.g. CCPA, CPRA, NIST, CSF).
  • Knowledge of CIS Critical Security Controls, OWASP Top 10, NIST Cybersecurity Framework, and ISO 27001/2
  • Understanding of IAM concepts, including federation, authentication, authorization, access controls, access control attacks, identity, and access provisioning life cycle.
  • CISSP or equivalent certification a plus
  • CRISC (Certified Risk and information Systems Control) desired
  • CAP (Certified Authorization Professional) a plus
  • CIPM or CIPP/e privacy certifications a plus

Don't meet every single requirement? Studies have shown that women and underrepresented minorities are less likely to apply to jobs unless they meet every single qualification. At Yamaha, we understand that talent comes in various forms, as such we are dedicated to building a diverse, inclusive, and authentic workplace. If you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles!

What's in it for you:

  • 401(k) and Profit Sharing
  • Fertility Benefits
  • 37.5 hour work-week
  • Medical, Dental, Vision
  • Life and AD&D Insurance
  • Wellness Program
  • Short-Term Disability Coverage (for hourly roles)
  • Long-Term Disability
  • Student Debt Repayment Benefits
  • Ability to borrow Yamaha product


Reports to: Senior Manager Cyber Security

Yamaha Motor Corporation, USA is proud to be an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identify, national origin, veteran or disability or any other status protected by federal, state, or local law. We celebrate diversity and are committed to creating an inclusive environment for all employees.