About The Position

The Analyst, IT Governance, Risk & Compliance (GRC) will support the organization’s compliance and risk management initiatives, ensuring adherence to regulatory requirements and industry best practices. This role will assist in maintaining security frameworks, conducting risk assessments, and supporting ongoing compliance programs such as SOC 2 and ISO 27001.

Requirements

  • Familiarity with compliance frameworks such as SOC 2, ISO 27001, and NIST.
  • Experience with GRC tools (e.g., Vanta, OneTrust) preferred.
  • Strong understanding of IT security principles, risk management, and regulatory requirements.
  • Excellent communication, organizational, and analytical skills.
  • Ability to work collaboratively across teams and manage multiple priorities.

Nice To Haves

  • Certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Implementer are a plus.

Responsibilities

  • Support the ongoing SOC 2 and ISO 27001 compliance programs, including evidence gathering, control testing, and remediation tracking.
  • Assist with the administration of the Vanta platform, ensuring security controls are properly mapped, automated tests are functioning, and evidence is current.
  • Conduct periodic risk assessments, documenting risks, evaluating impact/likelihood, and supporting mitigation planning.
  • Draft, maintain, and review security policies, standards, and procedures to align with regulatory requirements and industry best practices.
  • Support the third-party vendor risk management process, including security questionnaire reviews and vendor monitoring.
  • Assist with responding to client and regulatory security questionnaires.
  • Track compliance tasks, follow up with stakeholders, and provide status reporting to GRC leadership.
  • Contribute to security awareness and training initiatives, reinforcing a culture of compliance.
  • Stay current with evolving compliance requirements, standards, and frameworks relevant to the business.
  • Comply with all company policies and procedures.
  • Maintain regular and punctual attendance.
  • Perform other related duties as assigned.