Security & Privacy Analyst

Apps Associates, United States

About The Position

Apps Associates is seeking a Security & Privacy Analyst to support the organization's information security, privacy, compliance, and governance programs. This role will partner closely with the Director of Information Security & Corporate Governance and serve as a key contributor to maintaining and enhancing the company's security and privacy posture. The ideal candidate possesses experience in information security, privacy, compliance, audit, risk management, or governance and enjoys working across multiple disciplines. This position offers the opportunity to support a mature security and privacy program while gaining exposure to customer compliance, audits, risk management, privacy operations, AI governance, and emerging technologies.

Requirements

  • 3–5 years of experience in information security, privacy, compliance, governance, audit, risk management, or a related field.
  • Working knowledge of information security principles and controls.
  • Familiarity with security, privacy, and compliance frameworks and regulations, including HIPAA, PCI DSS, FERPA, GDPR, CCPA/CPRA, or similar requirements.
  • Strong organizational, analytical, and documentation skills.
  • Excellent written and verbal communication skills.
  • Ability to manage multiple priorities in a fast-paced environment.
  • Ability to work independently with limited supervision.
  • Proficiency with Microsoft Office applications, including Excel, Word, and PowerPoint.

Nice To Haves

  • Experience supporting SOC 1, SOC 2, ISO 27001, or similar compliance frameworks.
  • Experience with vendor risk management and customer security questionnaires.
  • Familiarity with privacy assessments, data mapping, and data governance activities.
  • Experience with governance, risk, and compliance (GRC) platforms.
  • Knowledge of artificial intelligence (AI) technologies, AI governance frameworks, privacy considerations, and emerging regulatory requirements (e.g., ISO 42001, EU AI Act) is highly desirable.
  • Security+, CCSK, CIPP, CIPM, CRISC, CISA, or similar certifications.
  • Experience within a professional services, consulting, or technology organization.
  • Strong attention to detail and follow-through.
  • Ability to work independently and collaboratively.
  • Sound judgment and professionalism when handling sensitive and confidential information.
  • Curiosity and willingness to learn across security, privacy, governance, compliance, and AI disciplines.
  • Strong customer service mindset and ability to communicate effectively with technical and non-technical stakeholders.
  • High degree of integrity, ethics, and accountability.

Responsibilities

  • Support the organization's information security and compliance programs.
  • Assist with customer security assessments, questionnaires, and due diligence requests.
  • Support annual audits and certifications, including SOC and ISO-related activities.
  • Collect, organize, and maintain compliance evidence and documentation.
  • Assist with policy development, maintenance, and periodic reviews.
  • Monitor regulatory, contractual, and customer security requirements.
  • Support compliance with applicable privacy regulations, including GDPR, CCPA/CPRA, and other data protection requirements.
  • Coordinate Data Subject Access Requests (DSARs) and other privacy-related requests.
  • Maintain Records of Processing Activities (RoPA) and privacy documentation.
  • Participate in Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
  • Support vendor privacy reviews and data protection agreement tracking.
  • Assist with privacy incident documentation and response activities.
  • Support third-party risk management and vendor assessments.
  • Assist with risk assessments and remediation tracking.
  • Maintain governance, risk, and compliance records and reporting.
  • Support security and privacy metrics, reporting, and dashboards.
  • Assist with implementation and administration of governance, risk, and compliance (GRC) platforms.
  • Coordinate security and privacy awareness initiatives.
  • Assist with compliance training administration and tracking.
  • Develop communication and awareness materials to promote security and privacy best practices.
  • Partner with Security, Legal, Contracts, Human Resources, IT, and business teams to support compliance objectives.
  • Assist with customer and vendor contract reviews related to security and privacy requirements.
  • Participate in internal projects to ensure security and privacy considerations are appropriately addressed.
  • Support customer, vendor, and audit inquiries as needed.