What are the responsibilities and job description for the Senior Analyst, Cybersecurity Governance Risk & Compliance position at Saltu Staffing?
Are you ready to take your cybersecurity expertise to the next level? We are looking for a Senior Analyst, Cybersecurity Governance Risk & Compliance to join our dynamic team. In this role, you will play a critical part in assessing and managing security controls, supporting governance and risk initiatives, and driving compliance-related client requests. This is an exciting opportunity to shape the future of cybersecurity and work on impactful projects in a collaborative and innovative environment.
What You’ll Do:
- Review and understand the organization’s IT Risk Management framework, policies, standards, and procedures.
- Develop a deep understanding of the security controls structure to create or revise standard responses for client questionnaires (e.g., SIG).
- Prepare and respond to compliance requests, including referencing evidentiary artifacts and documentation.
- Complete external information security assessments, track remediation efforts, and monitor assessment queues.
- Coordinate with external assessors and internal subject matter experts to address compliance inquiries and share security artifacts.
- Assist in refining processes for completing information security control assessments.
- Support metrics collection and reporting for the Information Security Program, analyzing the effectiveness of security controls.
- Track findings and remediation efforts related to information security assessments, GRC processes, and vendor due diligence.
- Contribute to the creation of GRC-related processes, procedures, and supporting documentation.
- Collaborate with InfoSec, Privacy, and GRC management to report on the status of security projects and compliance initiatives.
- Manage multiple deadlines and inquiries with exceptional organizational skills and attention to detail.
- Help evolve and streamline GRC solutions, processes, and procedures.
- Complete other tasks as assigned to support the team’s strategy and goals.
What You Bring:
- Strong understanding of risk management concepts, frameworks, and standards (e.g., NIST, ISO, COBIT).
- Experience with the NIST Cybersecurity Framework and auditing security controls outlined in NIST SP 800-171 and SP 800-53A.
- Demonstrated experience working with internal and external auditing firms.
- Solid knowledge of information security concepts, technologies, and due diligence documents (e.g., SOC 2 Type II, ISO 27001, SIG questionnaires, and penetration tests).
- Proficiency in MS Outlook, Word, Excel, Visio, and PowerPoint.
- Strong communication skills with the ability to collaborate across diverse teams.
- Experience analyzing IT and security control requirements and related technology processes.
Qualifications:
- Bachelor’s degree in a relevant field (required).
- At least 5 years of experience in information technology and information security.
Why Join Us?
This is more than just a role; it’s an opportunity to shape cybersecurity practices in an environment that values innovation, professional growth, and collaboration. Alongside a competitive salary, we offer a comprehensive benefits package, including:
- Medical, dental, vision, life insurance, and long-term care.
- Generous PTO and 10 paid holidays per year.
- Family support benefits, including parental leave, fertility benefits, child care, and tutoring.
- Professional development programs to help you grow your career.
- Retirement planning, lifestyle spending accounts, and wellness programs.
- Transportation and commuter benefits.
- Employee discounts and more!
About Us:
We’re committed to fostering an inclusive and collaborative environment where employees are empowered to make a meaningful impact. If you’re passionate about cybersecurity governance, risk, and compliance, we’d love to hear from you!