Senior Security Risk and Compliance Analyst

3+ years of experience in security risk management, compliance, or GRC roles.
Strong understanding of industry security frameworks such as ISO 27001, SOC 2, NIST, CIS, GDPR, and HIPAA.
Experience conducting security audits, risk assessments, and policy development.
Familiarity with vendor risk management and third-party security assessments.
Excellent communication and collaboration skills, with the ability to translate security concepts for non-technical stakeholders.
Strong analytical and problem-solving skills.
Security certifications such as CISSP, CISM, CISA, or CRISC are a plus.
Must be able to work onsite at our office Tuesday through Thursday each week, with the option to work remotely on Mondays and Fridays.

Develop, implement, and maintain security policies, standards, and procedures aligned with industry best practices (e.g., ISO 27001, SOC 2, NIST, GDPR, HIPAA).
Lead and manage compliance audits, security assessments, and certifications, ensuring continuous compliance with regulatory and contractual obligations.
Perform security risk assessments across internal systems, vendors, and third parties, identifying potential risks and recommending mitigation strategies.
Collaborate with internal teams to enhance security awareness and training programs, fostering a security-first culture.
Oversee vendor security evaluations and third-party risk management processes.
Assist in incident response planning and ensure business continuity measures are in place.
Track security metrics and provide reports to leadership on security risks and compliance status.
Stay up to date with evolving security regulations, frameworks, and industry trends.