Analyst – Technology and Security Risk
About the role
The Security Governance, Risk & Compliance Analyst supports information security governance, risk, and compliance activities. They draft and update security policies, standards, and procedures, perform risk assessments, and support internal controls testing. The role also involves consulting on regulatory and legal requirements, facilitating audits, and overseeing security training.
Responsibilities
- Support the development and enforcement of security policies, standards, procedures, and guidelines.
- Perform security risk assessments and remediate identified issues.
- Contribute to the internal controls testing program and advise on control design and implementation.
- Identify and address security gaps and weaknesses, and track remediation progress.
- Assess information security risks and recommend mitigation strategies.
- Collaborate with business owners to ensure compliance with security policies and regulations.
- Facilitate internal and external audits and assessments, including SOC-2, GLBA, and PCI-DSS.
- Create and maintain security-focused metrics reports for management and senior leadership.
- Maintain compliance programs, including security awareness and training activities, phishing prevention, and password management.
Requirements
The ideal candidate must have a bachelor's degree and at least 2 years of direct/related work experience in security, governance, risk, and compliance, risk management, IT audit, information technology, or a related field. Excellent written/verbal communication skills are essential, along with the ability to present to peers and co-workers. Prior financial services or FinTech experience, as well as prior GRC, Information Security & Technology Consulting, or Advisory experience, is preferred.
Qualifications
- Education: Bachelor's degree
- Experience: At least 2 years of direct/related work experience in security, governance, risk, and compliance, risk management, IT audit, information technology, or a related field.
- Skills: Excellent written/verbal communication skills, background in common security frameworks (HITRUST, ISO 27001, NIST, PCI-DSS, or SOC).
Skills
- Knowledge of common security frameworks (HITRUST, ISO 27001, NIST, PCI-DSS, or SOC).
- Experience with GRC platforms.
- Ability to facilitate audits and assessments.
- Strong analytical and problem-solving skills.
- Excellent interpersonal and communication skills.
Benefits
- Healthcare Coverage: Competitive medical, dental, and vision plans, HSA/FSA contributions, and 11 paid company holidays.
- Retirement Plan: 100% Company Safe Harbor Match on the first 6% deferral, and a 401(k) retirement plan.
- Paid Time Off: Flexible Time Off for exempt employees, generous PTO for non-exempt employees, and a paid volunteer day.
- Parental Leave: 12 weeks of Paid Parental Leave.
- Family Planning Support: Maven Family Planning offers support through various stages of parenting, including egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work.
Pay
The base pay scale for this position in Phoenix, AZ/Chicago, IL/Washington, DC is $76,000 - $95,000, and in New York, NY/San Francisco, CA is $91,000 - $114,000. Additionally, candidates are eligible for a discretionary incentive plan and benefits. The company actively supports and reviews wage equity to ensure fair pay decisions.