Controls & Compliance Senior Analyst

BA/BS degree in Computer Information Systems, Computer Science or equivalent experience is required.
5+ years of experience in technology, Information Security GRC.
Strong knowledge of Information Security and risk management frameworks (NIST, ISO, COBIT, CIS).
Familiarity with GRC platforms and data analytics tools for risk management.
Highly developed oral and written communication skills; strong presentation skills.

Assist with security assurance activities, including control design evaluations, walkthroughs, and control effectiveness testing aligned with regulatory and framework requirements (e.g., NIST CSF, ISO 27001, SOX, SOC2, FFIEC CAT).
Perform testing of security controls, including coordination with internal audit, external assessors, and business stakeholders.
Perform Information Security risk assessments, including risk identification, evaluation, and prioritization, to support informed decision-making and resource allocation.
Provide support of issue lifecycle, including issue identification, root cause analysis, remediation planning, tracking, validation, and closure, ensuring timely and effective resolution of risk and compliance gaps.
Leverage GRC tools (e.g., Archer, ServiceNow GRC, LogicGate) to automate risk management workflows and enhance reporting capabilities.
Support KPI/KRI’s to facilitate risk prioritization and articulation for the enterprise and senior leadership reporting.

Training courses, seminars, certifications, or other security related education experience preferred.
Certifications such as CISM, CRISC, CISSP, or CGEIT preferred.