Who we are
At Fortis Games we aspire to make great games that bring people together while redefining how game companies work. We believe in building a sense of belonging through our games, their communities, and how we operate and treat each other. Through our game communities, we will create powerful connections and lasting memories. We will foster a culture of diversity, equity and belonging where together our diverse skills, experiences and backgrounds impact the games we make.
We are an early but mighty organization with a leadership team of game industry veterans. There are many opportunities for you to have a big impact on the products we'll be making as well as the overall direction of the company. If you're passionate about tackling difficult problems with direct and thoughtful communication and team first mentality, we may be the right place for you.
About the Role
We are looking for a GRC Analyst to help maintain and improve our Governance Risk and Compliance programs. You will support the delivery of IT and InfoSec initiatives, assist with risk assessments, and help ensure that policies, standards, and controls are consistently applied. Your work will help safeguard our systems, manage compliance obligations, and strengthen our security posture.
What You Will Do
- Use OneTrust modules such as ITRM, TPRM, EPM, and Compliance Automation to manage risks, track obligations, and streamline workflows
- Assist in the day to day operation of GRC programs across
- Vulnerability Management: Track and follow up on vulnerability scans, remediation activities, and exception requests
- Risk and Compliance: Support risk assessments, maintain the risk register, and monitor remediation of control gaps
- Third Party Risk Management: Conduct vendor and application security reviews, assess risk, and support treatment planning
- Awareness and Training: Coordinate role based cybersecurity training, run phishing simulations, and track completion rates
- Policies and Standards: Help draft, review, and maintain cybersecurity policies, standards, and procedures
- Prepare and deliver GRC metrics for IT and InfoSec leadership
- Assist with internal and external audits by gathering evidence and mapping controls
- Conduct Threat and Risk Assessments for both third party vendors and internal applications and systems
What You Will Need
- Minimum 3 years of experience in a cybersecurity, IT risk, or GRC related role
- Minimum 3 years of experience using OneTrust ITRM, TPRM, EPM, and Compliance Automation
- Experience performing TRA assessments for both external vendors and internal applications and systems
- Familiarity with NIST 800 53, ISO 27001, SOX Compliance, GDPR, and SOC 1 and SOC 2 reports
- Understanding of threats and vulnerabilities and their impact on business risk
- Strong written and verbal communication skills with the ability to explain technical and compliance topics to non technical audiences
- Ability to work effectively with internal teams and external vendors to meet deadlines
- Self motivated, detail oriented, and comfortable working in an environment with some ambiguity
Why join us
There are many reasons to join us, but here are a few:
- We strongly believe we are changing how games studios operate and at the core of what we do is making great games that create a connected community
- We're not just about making Games Where You Belong. We're also about building communities where our people belong. That's why Fortis is a thriving environment that celebrates diversity, embraces inclusivity, and fosters growth.
- Build and grow with a seasoned team of accomplished talent who have left an impactful mark in their disciplines, both in and out of gaming
Fortis is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, protected veteran status, or any other basis protected by applicable law, and will not be discriminated against on the basis of disability.
