Senior Security Risk & Compliance Analyst
About The Position
APCO Holdings is seeking a Senior Security Risk & Compliance Analyst to support and strengthen the company's security governance, risk, and compliance (GRC) initiatives. This role will be instrumental in driving compliance efforts, assessing security controls, identifying risks, and supporting the organization's commitment to maintaining a strong security posture and regulatory compliance. The analyst will collaborate across departments to ensure alignment with security compliance frameworks and regulatory requirements, conduct security control mapping, and support the development and implementation of security policies and procedures. Additionally, the role involves identifying, assessing, and prioritizing security risks, partnering with stakeholders on remediation plans, and preparing reports on compliance status and risks for leadership. The position also supports security awareness programs and stays current on emerging threats and regulations.
Requirements
- Bachelor’s degree in Information Security, Information Technology, or a related field
- 8+ years of experience in IT security or related fields
- 5+ years of experience in risk management and regulatory compliance
- 5+ years of experience supporting or leading SOC 2 compliance efforts
- Strong understanding of security frameworks, controls, and regulatory requirements
Nice To Haves
- Professional certifications such as CISSP, CISM, or CISA
- Experience with compliance frameworks and regulations such as SOC 2, NYCRR, and FTC Safeguards Rule
- Experience conducting audits, risk assessments, and remediation tracking
- Experience working in regulated industries such as insurance or financial services
- Enjoy identifying risks and improving security processes
- Thrive in cross-functional, collaborative environments
- Like balancing technical security concepts with governance and compliance
- Are motivated by protecting systems, data, and organizational integrity
Responsibilities
- Collaborate across departments to ensure alignment with security compliance frameworks and regulatory requirements (SOC 2, NYCRR, FTC Safeguards Rule, etc.)
- Conduct security control mapping and compliance reconciliation activities
- Support the development, implementation, and maintenance of security policies, standards, and procedures
- Monitor and assess the effectiveness of security controls and compliance initiatives
- Identify, assess, and prioritize security risks across systems, processes, and operations
- Partner with stakeholders to develop remediation plans and mitigation strategies
- Provide recommendations on security best practices and control implementations
- Conduct regular security audits and compliance assessments
- Maintain documentation related to audits, risk assessments, remediation efforts, and compliance activities
- Prepare reports and dashboards on compliance status, risks, KPIs, and trends for leadership
- Track remediation efforts and support continuous improvement initiatives
- Support development and delivery of security awareness and training programs
- Promote a culture of security awareness and accountability across the organization
- Stay current on emerging threats, technologies, and evolving regulatory requirements
Benefits
- Competitive compensation
- Comprehensive medical, dental, and vision benefits
- 401(k) with company match
- Paid time off and company holidays
- Opportunities for professional growth and certification support
- A collaborative and security-focused work environment
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
