This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Security Risk & Compliance Analyst based in the United States.
Join a collaborative Information Security team where you'll play a key role in strengthening enterprise cybersecurity, governance, and regulatory compliance. In this fully remote position, you'll help identify and manage IT risks, improve security controls, and support compliance initiatives across a growing organization. Working closely with technical and business stakeholders, you'll contribute to audit readiness, vendor risk management, and continuous process improvement. This role is ideal for a detail-oriented cybersecurity professional who enjoys balancing strategic governance with hands-on risk analysis. If you're passionate about building secure, compliant environments while driving meaningful business impact, this is an excellent opportunity to grow your career.
Accountabilities:
- Conduct IT and cybersecurity risk assessments across systems, applications, and business processes to identify, evaluate, and mitigate security risks.
- Maintain and enhance the organization's centralized IT risk register while tracking remediation efforts and collaborating with stakeholders to address identified risks.
- Lead and support audit readiness activities for frameworks and regulatory requirements, including SOC 2, HIPAA, NYDFS, and internal compliance initiatives.
- Manage security policies by coordinating reviews, monitoring compliance, and recommending updates to strengthen governance practices.
- Perform third-party vendor security assessments and evaluate external risks associated with business partners and service providers.
- Develop dashboards, reports, and key risk indicators (KRIs) to provide leadership with actionable visibility into the organization's security posture.
- Support security awareness programs, compliance training initiatives, and continuous improvement efforts across the business.
Requirements:
- 5+ years of experience in information security, cybersecurity governance, IT risk management, audit, or compliance.
- Strong understanding of cybersecurity principles, security controls, IT infrastructure, and data protection best practices.
- Experience working with security and compliance frameworks such as NIST, CIS Controls, or ISO 27001.
- Knowledge of regulatory requirements including HIPAA, NYDFS, CCPA, or similar privacy and compliance standards is highly desirable.
- Experience with Governance, Risk, and Compliance (GRC) platforms such as OneTrust, LogicGate, ServiceNow GRC, or TeamMate is preferred.
- Familiarity with third-party risk management tools such as SecurityScorecard or BitSight is an advantage.
- Proficiency with Microsoft Excel, PowerPoint, SharePoint, Teams, and other collaboration tools.
- Excellent analytical, organizational, communication, and stakeholder management skills with the ability to manage multiple priorities effectively.
- Industry certifications such as Security+, CISA, CRISC, or ISO 27001 Foundations are considered a plus.
Benefits:
- Competitive annual salary ranging from $120,000 to $140,000, based on experience and qualifications.
- Performance-based bonus opportunity.
- Fully remote work environment, with preference for candidates located in the Central or Eastern U.S. time zones.
- Comprehensive medical, dental, and vision insurance.
- Life insurance and disability coverage.
- 401(k) retirement savings plan.
- Generous paid time off.
- Opportunity to work with a collaborative Information Security team focused on continuous improvement and professional growth.