Security Risk & Compliance Analyst

About The Position

Requirements

• 5+ years of experience in information security, audit, compliance, or IT risk roles
• Knowledge of cybersecurity controls, IT systems, and data protection concepts
• Familiarity with frameworks such as NIST, CIS Controls, or ISO 27001
• Strong attention to detail and ability to manage multiple priorities
• Proficiency in Excel, PowerPoint, SharePoint, Teams, and related collaboration tools
• Excellent written, verbal, and interpersonal communication skills

Nice To Haves

• Experience with GRC platforms such as OneTrust, LogicGate, ServiceNow GRC, or TeamMate (formerly Standard Fusion), preferred
• Exposure to vendor risk management tools like SecurityScorecard or BitSight, preferred
• Understanding of privacy and data protection regulations, including HIPAA, NYDFS and CCPA, a plus
• Certifications such as Security+, CISA, CRISC, or ISO 27001 Foundations, a plus

Responsibilities

• Conduct IT and cybersecurity risk assessments across systems, applications, and business processes
• Maintain and track the centralized IT risk register and support remediation planning
• Lead SOC 2, HIPAA, NYDFS and internal audit readiness and response efforts
• Support security policy management, annual reviews, and compliance monitoring
• Perform third-party vendor security reviews and risk assessments
• Help develop dashboards, reporting, and key risk indicators (KRIs) for leadership visibility
• Support security awareness initiatives, compliance training, and process improvements

Benefits

• medical
• dental
• vision
• life and disability coverage
• 401(k)
• generous PTO