IT Compliance & Information Security Analyst

About The Position

Requirements

• Risk Assessment, Risk Management, Compliance Professional, Auditing, Information Security
• Senior Specialist with 7+ experience in relevant field.
• Act as a subject matter expert for IT security, risk mitigation, and control implementation.
• Conduct targeted risk assessments aligning the company's security posture with state agency requirements.
• Evaluate risks of non-compliance and assess adherence to standards (e.g., NIST, CSF).
• Oversee the lifecycle of identified security deficiencies.
• Develop and document remediation plans for gaps in state-mandated controls.
• Communicate the organization's risk-handling strategy to state regulators.
• Interpret state cybersecurity regulations and frameworks (e.g., NYDFS, CCPA/CPRA).
• Prepare for "audit-ready" submissions by organizing necessary evidence to support questionnaire responses.
• Translate complex technical architectures into clear responses for state-level inquiries.
• Strategically consolidate global IT regulatory requirements.
• Work closely with Credit Privacy and Compliance Attorneys on IT regulatory requirements.
• Manage user stories and backlogs within JIRA to integrate compliance activities into the technology roadmap.

Responsibilities

• Advance company policy priorities on cybersecurity, cybercrime, lawful access, encryption, and related issues through legislative proposals, administrative, and regulatory actions
• Review and assess cybersecurity and cybercrime laws, policies, and initiatives and analyze impact on organization
• Develop security policies and procedures, drive development of technical solutions to implement policies, and manage third party security risk program including risk standards and processes.
• Advise, review, and ensure security controls and their efficiency for IT infrastructure deployed globally.
• Monitor processes for compliance risk and vulnerabilities and escalate non-compliance issues to key stakeholders.
• Establish and maintain good working relationships with government affairs and public policy representatives of other companies to achieve objectives