APCO Holdings partners with dealerships across North America to deliver innovative vehicle protection products and services that enhance the ownership experience for customers and drive growth for our partners. Through our family of brands, we bring together industry expertise, technology, and data-driven insights to help dealers strengthen their finance and insurance performance and build lasting relationships with their customers.
Our teams work collaboratively across operations, technology, risk, finance, marketing, and sales to deliver solutions that create measurable value and support the continued growth of APCO and the partners we serve.
We are looking for a Senior Security Risk & Compliance Analyst to support and strengthen APCO’s security governance, risk, and compliance (GRC) initiatives. In this role, you will help drive compliance efforts, assess security controls, identify risks, and support the organization’s ongoing commitment to maintaining a strong security posture and regulatory compliance.
What You'll Do
Security Compliance & Governance
Collaborate across departments to ensure alignment with security compliance frameworks and regulatory requirements (SOC 2, NYCRR, FTC Safeguards Rule, etc.)
Conduct security control mapping and compliance reconciliation activities
Support the development, implementation, and maintenance of security policies, standards, and procedures
Monitor and assess the effectiveness of security controls and compliance initiatives
Risk Assessment & Mitigation
Identify, assess, and prioritize security risks across systems, processes, and operations
Partner with stakeholders to develop remediation plans and mitigation strategies
Provide recommendations on security best practices and control implementations
Conduct regular security audits and compliance assessments
Reporting & Documentation
Maintain documentation related to audits, risk assessments, remediation efforts, and compliance activities
Prepare reports and dashboards on compliance status, risks, KPIs, and trends for leadership
Track remediation efforts and support continuous improvement initiatives
Security Awareness & Collaboration
Support development and delivery of security awareness and training programs
Promote a culture of security awareness and accountability across the organization
Stay current on emerging threats, technologies, and evolving regulatory requirements
What Makes You Successful
You’ll be successful in this role if you’re highly analytical, detail-oriented, and passionate about security governance and compliance. You’re comfortable evaluating risks, identifying gaps, and collaborating across teams to strengthen security controls and processes.
You’re also a strong communicator who can translate complex compliance and security concepts into actionable guidance for both technical and non-technical stakeholders. You thrive in fast-paced environments and enjoy balancing strategic thinking with hands-on execution.
Basic Qualifications
Bachelor’s degree in Information Security, Information Technology, or a related field
8+ years of experience in IT security or related fields
5+ years of experience in risk management and regulatory compliance
5+ years of experience supporting or leading SOC 2 compliance efforts
Strong understanding of security frameworks, controls, and regulatory requirements
Preferred Qualifications
Professional certifications such as CISSP, CISM, or CISA
Experience with compliance frameworks and regulations such as SOC 2, NYCRR, and FTC Safeguards Rule
Experience conducting audits, risk assessments, and remediation tracking
Experience working in regulated industries such as insurance or financial services
This Role Might Be a Great Fit If You…
Enjoy identifying risks and improving security processes
Thrive in cross-functional, collaborative environments
Like balancing technical security concepts with governance and compliance
Are motivated by protecting systems, data, and organizational integrity
What We Offer
Competitive compensation
Comprehensive medical, dental, and vision benefits
401(k) with company match
Paid time off and company holidays
Opportunities for professional growth and certification support
A collaborative and security-focused work environment