Jobs · Finance · New York

Analyst – Technology and Security Risk

Early Warning · New York, NY · 3 wk ago
Finance$76k–$95k/yrFull-time

About the role

The Security Governance, Risk & Compliance Analyst supports information security governance, risk, and compliance activities. They draft and update security policies, standards, and procedures, perform risk assessments, and facilitate audits and assessments. The role also involves providing consultation on regulatory, legal, and contractual requirements, conducting GRC activities, and overseeing internal control testing.

Responsibilities

  • Support Security Governance, Risk and Compliance programs and initiatives
  • Develop Security Governance, Risk and Compliance skills in at least two functional areas: Risk management, PCI assessments, Internal Audits, Security policy management, GRC tool management, remediation plans, and participation in external audits
  • Provide consultation to management on regulatory, legal, and contractual requirements
  • Perform GRC activities using the GRC platform; support the Security Department with GRC platform usage and best practices
  • Engage business owners in the development and enforcement of security policies, standards, procedures, and guidelines
  • Oversee internal control testing; advise management on control design and implementation; perform testing where needed
  • Identify control gaps and weaknesses, and track and report remediation progress
  • Assess information security risk and recommend mitigation activities in alignment with Enterprise and Operational Risk Management requirements
  • Facilitate the collection and review of documentation required for internal and external audits and assessments
  • Facilitate the execution of internal and external audits and assessments
  • Create monthly security-focused metrics reporting for management and senior leadership
  • Maintain compliance programs (security awareness and training activities, phishing and password, etc.) according to their set schedules
  • Support the company's commitment to protect the integrity and confidentiality of systems and data

Requirements

  • Education and experience typically obtained through completion of a bachelor’s degree
  • Minimum 2 years direct/related work experience in security, governance, risk, and compliance, risk management, IT audit, information technology, or related
  • Excellent written/verbal communication skills, with ability to present to peers and co-workers
  • Working knowledge of common security frameworks such as: HITRUST, ISO 27001, NIST, PCI-DSS or SOC-2

Qualifications

  • Prior financial services or FinTech experience
  • Prior GRC, Information Security & Technology Consulting, or Advisory experience with leading consulting firms such as KPMG, Deloitte, E&Y, PWC is highly desirable
  • Working knowledge of ISO 27002, PCI DSS 3.2 or current, NIST 800-53a, Standard Information Gathering Questionnaires, FFIEC handbooks, SOC-2 Type II, GLBA, FCRA, NYDFS, and data privacy

Skills

  • Strong analytical and problem-solving skills
  • Excellent communication and interpersonal skills
  • Ability to work independently and manage multiple projects simultaneously
  • Proficiency in Microsoft Office Suite

Benefits

Early Warning Services offers a comprehensive benefits package including healthcare coverage, a 401(k) retirement plan, paid time off, parental leave, and more. The company also participates in E-Verify, a federal program to help ensure a legal and authorized workforce.

Pay

The base pay scale for this position in Phoenix, AZ/Chicago, IL/Washington, DC is $76,000 - $95,000, and in New York, NY/San Francisco, CA is $91,000 - $114,000. Additionally, candidates are eligible for a discretionary incentive plan and benefits.

Similar jobs