Senior Analyst, IS Governance and Compliance

About The Position

Requirements

• Experience working with auditors
• Project management skills for managing multiple complex activities
• Strong organizational skills with the ability to thrive in a sense-of-urgency environment, leveraging best practices, and approaching any problem as a team player with a can-do attitude
• Knowledge of controls frameworks and applicable regulatory compliance mandates (e.g., NIST, CIS CSC, COBIT, CCPA, HIPAA, GLBA, SOC 1 Type 2, MAR)
• Conduct research in keeping abreast of regulations and the latest security issues
• Knowledge to evaluate, build, and optimize security program elements as assigned (e.g., logical access control, application security, vendor risk management, network security, privacy)
• Strong written and verbal communication skills and ability to interface with all levels of business and executive leadership
• Excellent analytical, problem-solving, and decision-making skills, applied with a solution-focused attitude
• Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism
• Bachelor’s degree in Information Security, Information Technology, Risk Management, or a related field (or equivalent experience)
• 5+ years of experience in information security governance, risk management, audit, or compliance
• Certifications such as CISA, CISM, CISSP, CRISC, CIPP, or GIAC or equivalent professional certifications
• Strong working knowledge of security and privacy frameworks and regulatory requirements
• Experience supporting or leading internal and external audits
• Excellent analytical, written, and verbal communication skills
• Experience with GRC platforms (e.g., Archer, ServiceNow GRC, or similar tools)

Responsibilities

• Governance & Compliance Lead and coordinate internal and external audits, including SOC examinations and regulatory assessments
• Manage compliance with applicable regulations and frameworks (e.g., SOC 1/2, HIPAA, CCPA, NYDFS 500, GLBA)
• Develop, maintain, and enhance information security policies, standards, and procedures
• Ensure compliance artifacts and documentation are accurate, current, and audit‑ready
• Report status updates completely, accurately, and timely manner.
• Maintain subject matter expertise and demonstrate superb critical thinking skills to ensure audit, assessments, and questionnaires are effective and efficient
• Advocate and champion information security practices
• Execute security control maturity assessments using interviews, documentation reviews, and evidence analysis
• Support implementation and continuous improvement of control frameworks such as NIST, ISO 27001, CIS, or COBIT
• Conduct periodic internal assessments for security risk and compliance
• Perform other essential duties as assigned
• Stakeholder Engagement Collaborate with IT, security, legal, privacy, procurement, and business teams across the enterprise
• Communicate security and compliance requirements to stakeholders with varying levels of technical expertise
• Provide clear, concise status reporting to management
• Foster strong working relationships and serve as a subject‑matter resource for G&C‑related inquiries
• Serve as a subject‑matter resource for G&C‑related inquiries