IT Risk & Security Analyst II or III

Blue Cross of Idaho
Bozeman, MT
4d
$78,064 - $144,275
Hybrid

About The Position

Our IT Risk/Security Analysts are responsible for managing IT security policies, coordinating with policy owners, and ensuring alignment with regulatory and framework-based control requirements.

Key Responsibilities:

  • Manage the lifecycle of IT security policies and standards
  • Coordinate with business and technical policy owners to maintain and update policies
  • Map policies and controls to NIST 800-53 and other applicable frameworks
  • Perform control validation and compliance reviews
  • Support audits and regulatory assessments
  • Track remediation and ensure policy exceptions and risk acceptances are documented

Location: this position has a preference to be based in a hybrid work location (onsite and WFH). There may be an opportunity for fully remote work within a mutually acceptable location.

Requirements

  • Minimum 2-4+ years' experience in cybersecurity, risk, and/or information security, to include:
  • Working with NIST 800-53 controls
  • Writing and managing security policies and standards
  • Background in IT Governance, Risk, and Compliance (GRC)
  • Working with control owners and validating control implementation
  • Bachelor's or International Equivalency degree in Cybersecurity, Computer Science, Electrical Engineering, Information Systems, or closely related field of study; or equivalent work experience (two years' relevant work experience is equivalent to one year of college)
  • Associate Degree in Computer Science, Electrical Engineering, Information Systems, or closely related field of study + 2 years additional experience

Nice To Haves

  • Experience in HIPAA-regulated environments
  • Experience in supporting SOC 2, HITRUST, or NIST CSF programs
  • CISM, CRISC, CISSP, or similar industry-related

Responsibilities

  • Manage the lifecycle of IT security policies and standards
  • Coordinate with business and technical policy owners to maintain and update policies
  • Map policies and controls to NIST 800-53 and other applicable frameworks
  • Perform control validation and compliance reviews
  • Support audits and regulatory assessments
  • Track remediation and ensure policy exceptions and risk acceptances are documented

Benefits

  • We offer a robust package of benefits including paid time off, paid holidays, community service and self-care days, medical/dental/vision/pharmacy insurance, 401(k) matching and non-contributory plan, life insurance, short and long term disability, education reimbursement, employee assistance plan (EAP), adoption assistance program and paid family leave program.
  • We will adhere to all relevant state and local laws concerning employee leave benefits, in line with our plans and policies.