Senior Cyber Risk & Compliance Analyst

About The Position

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, Accounting, Business, or related discipline (Relevant professional experience may be considered in lieu of a degree)
• 7+ years of experience in cybersecurity risk, IT risk, internal controls, compliance, or audit‑adjacent roles.

Nice To Haves

• Demonstrated experience directly supporting or leading portions of external audits (not just preparing background materials).
• Proven track record of independently owning workstreams and driving them to completion.
• Proven experience leading organizations through certification across multiple cybersecurity frameworks, including ISO/IEC 27001, CMMC and comparable regulatory or industry standards.
• Experience with GRC tools (Drata)
• Strong understanding of: Cybersecurity risk management concepts, IT controls and control evidence expectations, Audit workflows and external auditor interaction.
• High personal accountability with the ability to manage multiple concurrent deliverables.
• Clear, concise written and verbal communication, especially in audit and leadership contexts.
• Comfortable pushing back, probing gaps, and escalating when needed.
• Self‑starter who requires minimal hand‑holding.
• Execution‑focused: prioritizes closure over coordination.
• Detail‑oriented without losing sight of deadlines and outcomes.
• Exposure to SOX‑level environments.
• Prior experience working in fast‑paced, global organizations with distributed stakeholders.
• Holder of certifications (e.g., CISA, CRISC, CISM, CISSP, CIA, Security+, etc.)

Responsibilities

• Serve as a day‑to‑day execution lead for external and internal audits (SOX‑equivalent, operational audits, cybersecurity reviews).
• Own audit evidence collection, validation, and submission, ensuring materials are complete, accurate, and audit‑defensible.
• Proactively track open audit items, drive follow‑ups, and escalate risks early when timelines or control performance is at risk.
• Communicate directly with external auditors and internal stakeholders, providing clear, structured updates and resolving questions efficiently.
• Manage assigned cybersecurity risks end‑to‑end, including: Risk documentation and tracking, Control gaps and remediation activities, Owner follow‑ups and closure verification.
• Actively challenge incomplete or weak responses and push issues to resolution, rather than passively tracking them.
• Contribute to risk reviews related to external exposure, penetration testing results, and security control effectiveness.
• Independently own governance deliverables such as: Control evidence packages, Risk summaries and issue trackers, Status updates for leadership and auditors.
• Maintain clear documentation and evidence trails suitable for repeatable audits and regulatory scrutiny.
• Support enterprise initiatives tied to SOX-level controls, audit remediation, and cyber risk transparency.
• Operate as a lead individual contributor, coordinating across IT, Infrastructure, Security, Finance, and third‑party vendors.
• Build credibility with technical and non‑technical stakeholders through clarity, follow‑through, and consistent delivery.
• Model strong accountability and raise issues early when dependencies or ownership gaps emerge.

Benefits

• medical
• dental
• vision coverage
• life and disability insurance
• retirement plan
• paid time off (vacation, sick, company holidays)
• 401(k) with employer match
• EAP assistance