Security & Privacy Analyst
Apps Associates · Acton, MA · 3 wk ago
HybridInformation TechnologyFull-time
Key Responsibilities
- Support the organization's information security and compliance programs.
- Assist with customer security assessments, questionnaires, and due diligence requests.
- Support annual audits and certifications, including SOC and ISO-related activities.
- Collect, organize, and maintain compliance evidence and documentation.
- Affiliate policy development, maintenance, and periodic reviews.
- Monitor regulatory, contractual, and customer security requirements.
Privacy & Data Protection
- Support compliance with applicable privacy regulations, including GDPR, CCPA/CPRA, and other data protection requirements.
- Cook Data Subject Access Requests (DSARs) and other privacy-related requests.
- Maintain Records of Processing Activities (RoPA) and privacy documentation.
- Participate in Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
- Affiliate vendor privacy reviews and data protection agreement tracking.
- Affiliate privacy incident documentation and response activities.
Risk Management & Governance
- Support third-party risk management and vendor assessments.
- Affiliate risk assessments and remediation tracking.
- Maintain governance, risk, and compliance records and reporting.
- Affiliate security and privacy metrics, reporting, and dashboards.
- Affiliate implementation and administration of governance, risk, and compliance (GRC) platforms.
Training & Awareness
- Coordinate security and privacy awareness initiatives.
- Affiliate compliance training administration and tracking.
- Develop communication and awareness materials to promote security and privacy best practices.
Cross-Functional Collaboration
- Partner with Security, Legal, Contracts, Human Resources, IT, and business teams to support compliance objectives.
- Affiliate customer and vendor contract reviews related to security and privacy requirements.
- Participate in internal projects to ensure security and privacy considerations are appropriately addressed.
- Affiliate customer, vendor, and audit inquiries as needed.
Qualifications
- 3–5 years of experience in information security, privacy, compliance, governance, audit, risk management, or a related field.
- Working knowledge of information security principles and controls.
- Familiarity with security, privacy, and compliance frameworks and regulations, including HIPAA, PCI DSS, FERPA, GDPR, CCPA/CPRA, or similar requirements.
- Strong organizational, analytical, and documentation skills.
- Excellent written and verbal communication skills.
- Ability to manage multiple priorities in a fast-paced environment.
- Ability to work independently with limited supervision.
- Proficiency with Microsoft Office applications, including Excel, Word, and PowerPoint.
PREFERRED EXPERIENCE
- Support SOC 1, SOC 2, ISO 27001, or similar compliance frameworks.
- Experience with vendor risk management and customer security questionnaires.
- Familiarity with privacy assessments, data mapping, and data governance activities.
- Experience with governance, risk, and compliance (GRC) platforms.
- Knowledge of artificial intelligence (AI) technologies, AI governance frameworks, privacy considerations, and emerging regulatory requirements (e.g., ISO 42001, EU AI Act) is highly desirable.
Professional Qualities
- Strong attention to detail and follow-through.
- Ability to work independently and collaboratively.
- Sound judgment and professionalism when handling sensitive and confidential information.
- Curiosity and willingness to learn across security, privacy, governance, compliance, and AI disciplines.
- Strong customer service mindset and ability to communicate effectively with technical and non-technical stakeholders.
- High degree of integrity, ethics, and accountability.
Why Join Apps Associates?
- This role offers a unique opportunity to work directly with executive leadership while contributing to a global security, privacy, and compliance program.
- The successful candidate will gain broad exposure to cybersecurity, privacy, governance, audit, risk management, AI governance, customer compliance initiatives, and emerging technologies within a growing professional services organization.