This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

As a member of the Cyber Security group, the IT Risk and Compliance Analyst I is responsible for supporting the organization’s IT risk management, third-party risk management, and compliance efforts.

• Assist in identifying, assessing, and mitigating IT-related risks while ensuring compliance with relevant laws, regulations, and industry standards.
• Collaborate with IT and other business departments to evaluate IT controls in the context of PCI and NIST standards.
• Perform comprehensive enterprise-wide IT risk assessments and audits, collaborating cross-functionally to identify, prioritize, and mitigate cyber risks and compliance issues.
• Develop, implement, and maintain robust IT security policies, procedures, and controls aligned with organizational objectives, industry frameworks (e.g., NIST 800-53), and regulatory requirements (e.g., PCI DSS).
• Design and execute engaging security awareness training programs and campaigns to cultivate a security-minded culture.
• Create and maintain documentation related to IT risk and compliance activities.
• Continuously monitor and evaluate emerging IT risks, regulatory changes, and industry trends to proactively adapt security and compliance controls.
• Conduct third-party cyber risk assessments, ensuring vendors and partners align with core cyber and compliance standards.
• Establish and maintain a comprehensive risk register, identifying, assessing, and mitigating IT security risks to enhance organizational resilience.
• Provide expert guidance to stakeholders on interpreting and implementing company standards and regulatory requirements.
• Complete inbound VSQs, RFPs, and RFIs, ensuring comprehensive and timely responses.
• Other non-essential duties as assigned or may be necessary.

Qualifications

• Comprehensive knowledge of industry standards, frameworks (e.g., NIST-CSF), and regulatory requirements (e.g., PCI DSS).
• Experience with Governance, Risk, and Compliance (GRC) tools.
• Demonstrated experience in policy and procedure development.
• Demonstrated experience in conducting risk assessments, audits, and developing mitigation strategies.
• Ability to stay current with evolving cybersecurity threats, industry trends, and regulatory changes, applying this knowledge to enhance organizational security posture.
• Detail-oriented with strong organization, prioritization, and time management skills.
• Critical thinking, ability to analyze complex IT risk and compliance challenges.
• Proven ability to work collaboratively in cross-functional teams and build strong relationships with various stakeholders across the organization.
• Strong communication skills to effectively interact with internal and external partners at all levels to resolve issues and provide solutions.
• Intermediate to advanced proficiency in Microsoft Office suite, including Word, Excel, and PowerPoint.
• Professional certifications such as CISA, CRISC, GCCC, GSEC, CGRC, or similar - preferred.

Requirements

• 3+ years of experience in IT risk management, compliance, information security, or similar roles.
• Prior experience with NIST CSF, PCI DSS, or similar audits.

Benefits

• Comprehensive medical benefits coverage, dental plans, and vision coverage.
• Health care and dependent care spending accounts.
• Short- and long-term disability.
• Life insurance and accidental death & dismemberment insurance.
• Employee and Family Assistance Program (EAP).
• Employee discount programs.
• Retirement plan with a generous company match.
• Employee Stock Purchase Plan (ESPP).
• Paid Time Off (PTO).