What are the responsibilities and job description for the Senior Security Risk and Compliance Analyst position at Nayya?
About Nayya
Founded in 2019, Nayya is on a mission to connect people's most important information, so they can thrive in their health and wealth. Powered by AI and advanced analytics, Nayya's platform transforms complex benefits experiences into intuitive, seamless, and ongoing interactions—meeting people meeting people's real world needs. As a trusted platform and partner to leading employers, benefits solutions, and HR tech providers, Nayya unlocks long-term value through helping employees live more resilient lives. Backed by strategic investors like ICONIQ, Felicis Ventures, SemperVirens, Workday Ventures, MetLife Nextgen Ventures, and ADP Ventures, Nayya is ushering in the future of health and wealth for all.
We are seeking a Senior Security Risk & Compliance Analyst to lead our governance, risk, and compliance (GRC) initiatives. This role will be responsible for ensuring our organization meets regulatory and compliance requirements, managing security policies, assessing risk, and improving overall security posture. You will work closely with cross-functional teams, including Engineering, IT, and Legal, to drive security best practices and maintain trust with our customers and partners.
We are looking for an expert who thrives in an environment that values impatience, excellence, resilience, and courage.
- Develop, implement, and maintain security policies, standards, and procedures aligned with industry best practices (e.g., ISO 27001, SOC 2, NIST, GDPR, HIPAA).
- Lead and manage compliance audits, security assessments, and certifications, ensuring continuous compliance with regulatory and contractual obligations.
- Perform security risk assessments across internal systems, vendors, and third parties, identifying potential risks and recommending mitigation strategies.
- Collaborate with internal teams to enhance security awareness and training programs, fostering a security-first culture.
- Oversee vendor security evaluations and third-party risk management processes.
- Assist in incident response planning and ensure business continuity measures are in place.
- Track security metrics and provide reports to leadership on security risks and compliance status.
- Stay up to date with evolving security regulations, frameworks, and industry trends.
- 3 years of experience in security risk management, compliance, or GRC roles.
- Strong understanding of industry security frameworks such as ISO 27001, SOC 2, NIST, CIS, GDPR, and HIPAA.
- Experience conducting security audits, risk assessments, and policy development.
- Familiarity with vendor risk management and third-party security assessments.
- Excellent communication and collaboration skills, with the ability to translate security concepts for non-technical stakeholders.
- Strong analytical and problem-solving skills.
- Security certifications such as CISSP, CISM, CISA, or CRISC are a plus
- Must be able to work onsite at our office Tuesday through Thursday each week, with the option to work remotely on Mondays and Fridays.
The salary range for New York based candidates for this role is $125,000 - $160,000. We use a location factor to adjust this range for candidates that are located outside of geographic region of our New York office. Placement within the salary band is determined based on experience.
#LI-DD1
#LI-HYBRID
Nayya is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics
Salary : $125,000 - $160,000
