Security Risk & Compliance Analyst
United States, Central or Eastern U.S. time zones preferred.
Full-Time, Middle
Salary: $120,000 to $140,000
Job Details
- Experience: 5+ years
- Required Skills: Microsoft Excel, Risk Management, HIPAA
Requirements
- 5+ years of experience in information security, cybersecurity governance, IT risk management, audit, or compliance.
- Strong understanding of cybersecurity principles, security controls, IT infrastructure, and data protection best practices.
- Experience working with security and compliance frameworks such as NIST, CIS Controls, or ISO 27001.
- Knowledge of regulatory requirements including HIPAA, NYDFS, CCPA, or similar privacy and compliance standards.
- Experience with Governance, Risk, and Compliance (GRC) platforms such as OneTrust, LogicGate, ServiceNow GRC, or TeamMate.
- Familiarity with third-party risk management tools such as SecurityScorecard or BitSight.
- Proficiency with Microsoft Excel, PowerPoint, SharePoint, Teams, and other collaboration tools.
- Excellent analytical, organizational, communication, and stakeholder management skills.
- Industry certifications such as Security+, CISA, CRISC, or ISO 27001 Foundations are a plus.
Responsibilities
- Conduct IT and cybersecurity risk assessments across systems, applications, and business processes to identify, evaluate, and mitigate security risks.
- Maintain and enhance the organization's centralized IT risk register while tracking remediation efforts and collaborating with stakeholders to address identified risks.
- Lead and support audit readiness activities for frameworks and regulatory requirements, including SOC 2, HIPAA, NYDFS, and internal compliance initiatives.
- Manage security policies by coordinating reviews, monitoring compliance, and recommending updates to strengthen governance practices.
- Perform third-party vendor security assessments and evaluate external risks associated with business partners and service providers.
- Develop dashboards, reports, and key risk indicators (KRIs) to provide leadership with actionable visibility into the organization's security posture.
- Support security awareness programs, compliance training initiatives, and continuous improvement efforts across the business.