Wait, What Do You Do?

<h2>Job Overview:</h2> As a Security GRC Analyst I, you will play an important role in supporting and strengthening AvidXchange’s information security governance, risk, and compliance program. You will collaborate with teams across the organization to support audits, security awareness initiatives, reporting, risk assessments, and related compliance efforts. This role will contribute to a broad range of operational GRC activities, helping improve cybersecurity visibility, risk management, and program maturity across the organization. <h2>What You’ll Do:</h2> <h3>Security Awareness</h3> <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Support administration of AvidXchange’s security awareness and phishing simulation program in KnowBe4, including training assignments, campaign design, and coordination. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Assist with building creative cybersecurity awareness communications, campaigns, and recurring outreach activities designed to engage a wide range of teammates and cyber knowledge levels. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Monitor participation, phishing, and engagement metrics to measure program effectiveness and identify improvement opportunities. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Contribute to ongoing enhancement of awareness content to keep training engaging, relevant, and aligned with emerging threats. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Enhance and support our Security Champion Program to empower security-focused individuals to make a difference in their team. </li> </ul> <h3>Risk, Assessment & Audit Support</h3> <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Assist with cybersecurity risk assessments, audits, and third-party/vendor reviews. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Coordinate assessment and audit efforts through documentation, evidence gathering, and cross-functional collaboration. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Track remediation items, risk findings, audit observations, and follow-up efforts across teams. </li> </ul> <h3>Metrics, Reporting, & Communications</h3> <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Develop and maintain cybersecurity metrics, dashboards, and reporting tailored to technical teams, leadership, and executive audiences. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Create visualizations, presentations, and other deliverables using tools such as Power BI, Excel, and PowerPoint. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Coordinate recurring reporting activities related to risk committees, audits, awareness initiatives, and operational metrics. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Analyze data to identify meaningful trends, gaps, and opportunities for program improvement. </li> </ul> <h3>General GRC Operations</h3> <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Maintain cybersecurity documentation, policies, standards, repositories, and other governance materials. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Assist with customer and vendor due diligence activities, including questionnaire responses, customer assurance communications, and trust center maintenance. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Coordinate business continuity and incident response preparedness efforts, including tabletop exercises and related operational initiatives. </li> </ul>   <h2>What We’re Looking For:</h2> <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> 1 – 3 years of experience in cybersecurity, including exposure to one or more of the following areas: <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> risk management (including third-party/vendor) </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> compliance and control frameworks </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> audit and assessments </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> security awareness programs </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> reporting, analytics, or operational support functions </li> </ul> </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Experience developing reports, dashboards, presentations, or visualizations using tools such as Excel or Power BI. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Strong verbal and written communication skills, with the ability to communicate effectively with technical and non-technical stakeholders. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Strong analytical and problem-solving skills, with the ability to identify risks, organize information, and support risk and compliance efforts. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Excellent organizational skills, with the ability to manage multiple priorities, deadlines, and cross-functional initiatives. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Comfortable working collaboratively across technical, operational, and business teams. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Familiarity with industry frameworks and regulations (e.g., NIST, NYDFS, SOC 1/2, PCI, ISO 27001) and comfort mapping controls to requirements. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Experience with or exposure to LogicGate or other GRC/TPRM tools. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Self-motivated and curious, with interest in cybersecurity, risk management, and evolving industry trends. </li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> Relevant certifications such as Security+, ISC2 CC, CISA, or similar certifications are preferred. </li> </ul><div class="content-conclusion">  About AvidXchange AvidXchange is a leading provider of accounts payable (“AP”) automation software and payment solutions for middle-market businesses and their suppliers. By trade, we are a technology company, but if you ask anyone who works here, they’ll tell you our people are at the core of who we are. At AvidXchange, mindset is everything. We are Connected as People, Growth Minded, and Customer Obsessed. These three mindsets represent our culture – who we are, who we’ve always been, and they guide us to improve every day. Since our founding in 2000 in Charlotte, NC, we’ve created a company of over 1,500 teammates working across the U.S., or remotely. AvidXchange is proud to be Certified™ as a <a href="https://www.greatplacetowork.com/certified-company/7007980" target="_blank">Great</a> <a href="https://www.greatplacetowork.com/certified-company/7007980" target="_blank">Place to Work</a>®. The prestigious recognition is based on anonymous data from our teammates and makes official what our teammates have known for years – that AvidXchange is a Great Place to Work®.  Who you are:  <ul type="disc"> <li style="line-height: 28px;">A go-getter with an entrepreneurial mindset – that means you are not afraid of taking risks, winning big or facing the unknown. </li> <li style="line-height: 28px;">Someone who understands that business is people centric. Connecting with others as humans first allows you to develop mutually beneficial working relationships. </li> <li style="line-height: 28px;">Focused on making a difference for our customers. AvidXchange exists to help solve complex problems for our customers so we can all realize our potential. </li> </ul> What you’ll get:   AvidXchange teammates (we call them AvidXers) get the perks and prestige of a growing tech company paired with the flexibility of a founder-led startup. We help our AvidXers develop as professionals and as human beings, providing work/life balance, development programs, and competitive benefits. At AvidXchange, we are building more than a tech company – we are building an experience. We remain committed to a culture where you can fully be 'you’ – connected with others, chasing big goals, and making a meaningful impact. If you want to help us grow while realizing your potential and creating stories you’ll tell for years, you’ve come to the right place. AvidXers enjoy:   <ul type="disc"> <li style="line-height: 28px;">18 days PTO* </li> <li style="line-height: 28px;">11 Holidays (8 company recognized & 3 floating holidays) </li> <li style="line-height: 28px;">16 hours per year of paid Volunteer Time Off (VTO) </li> <li style="line-height: 28px;">Competitive Healthcare </li> <ul type="circle"> <li style="line-height: 28px;">High Deductible Heath Plan Option that has $0 monthly premium for teammate-only coverage </li> <li style="line-height: 28px;">100% AvidXchange paid Dental Base Plan Coverage</li> <li style="line-height: 28px;">100% AvidXchange paid Life Insurance </li> <li style="line-height: 28px;">100% AvidXchange paid Long-Term Disability </li> <li style="line-height: 28px;">100% AvidXchange paid Short-Term Disability  </li> <li style="line-height: 28px;">Employee Assistance Program (EAP) - Provides counseling services, legal and financial consultations and health advocacy for Teammates and their eligible dependents</li> <li style="line-height: 28px;">Onsite Health Clinic with Atrium Health - available to Teammates and their eligible dependents</li> </ul> <li style="line-height: 28px;">401(k) Match: 100% match on the first 3% of your salary, plus 50% match on the next 2%</li> <li style="line-height: 28px;">Parental Leave: 8 weeks 100% paid by AvidXchange** </li> <li style="line-height: 28px;">Discounts on Pet, Home, and Auto insurance </li> <li style="line-height: 28px;">WeeCare Childcare Service: helps teammates find affordable daycare, childcare, and tutors 40% less expensive than traditional daycare centers </li> <li style="line-height: 28px;">Perks at Work: free discount program that provides teammates the opportunity to save on items from electronics, movie tickets, car buying, vacations, and more </li> <li style="line-height: 28px;">Onsite gym fitness center, yoga studio, and basketball court</li> <li style="line-height: 28px;">Tuition Reimbursement up to the federal maximum of $5,250***</li> <li style="line-height: 28px;">Hybrid Workplace Flexibility</li> <li style="line-height: 28px;">Free parking</li> </ul> *Fully granted from beginning of year, pro-rated if hired mid-year  **Must be full-time for at least 3 months ***Must be full-time for at least one year  Equal Employment Opportunity AvidXchange is an equal opportunity employer. AvidXchange is committed to equal employment opportunity in accordance with applicable federal, state, and local laws. AvidXchange will not discriminate against applicants for employment on any legally recognized basis. This includes, but is not limited to veteran status, race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age and physical or mental disability. </div>