The Information Security Risk & Compliance Analyst is responsible for overseeing and managing cyber controls and various information security risk and compliance activities. This role involves performing third-party security vendor diligence, collaborating with internal and external stakeholders to conduct assessments, and identifying cyber risks.
* Monitor and manage cyber controls and other information security risk and compliance deliverables.
* Conduct third-party security vendor diligence with confidence.
* Liaise with internal and external business stakeholders to perform assessments and identify cyber risks.
* Collaborate closely with compliance, technology teams, and the wider business to manage and mitigate cybersecurity and technology risks.
* Maintain and improve the Information Security Management System (ISMS), policies, standards, and processes.
Must Haves -
* Bachelor’s degree in IT, Computer Science, or related field (preferred)
* Knowledge of regulatory requirements (e.g., GDPR, CCPA, SOX, PCI)
* Familiarity with security controls and technologies (firewalls, IDS/IPS, vulnerability scanners, SIEM)
* Strong analytical skills for risk identification and assessment
* Excellent communication and interpersonal skills for stakeholder collaboration
* Ability to work independently and manage multiple priorities in a fast-paced environment
* Ethical mindset with a commitment to confidentiality and data privacy
* Experience in implementing risk and compliance programs and driving organizational change
* Proven ability to lead cross-functional teams and manage projects
* Professional certifications (e.g., CISA, CISSP, CRISC) are highly preferred
* Willingness to travel as needed