Associate Governance Risk And Compliance Analyst

Job Summary:

Seeking someone passionate about information security and customer service to assist customers in meeting their cybersecurity regulatory and legal requirements. Analysts will work with customers to develop formalized information security policies, analyze the efficacy of current policies and procedures, and evaluate the risks posed by third-party providers. Analysts also work with the Cybersecurity Engineering team to assist clients with cybersecurity risk management procedures.

Responsibilities (including, but not limited to):

• Coordinating and working with clients to develop formalized Written Information Security Programs (WISPs)

• Performing cybersecurity due diligence assessments on client vendors

• Engaging with the cybersecurity engineering team to assist with client risk management

• Performing "White Box" cybersecurity risk assessments for client environments

• Assisting clients in meeting regulatory requirements via policy review and testing (e.g., Incident Response tabletop exercises)

• Assisting clients with their own due diligence questionnaire and fielding cybersecurity and compliance questions

• Providing customized end-user security awareness training via presentations and simulated phishing campaigns

• Researching and keeping up to date with industry compliance regulations, most specifically within the investment and financial services space, including SEC, FCA, FTC, FINRA, and NYDFS.

• Performing compliance information security gap assessments for various regulations and frameworks. (NIST CSF, CIS CSC v8, HIPAA, PCI-DSS, SOC2, ISO27001, etc.)

Skills:

• Basic operational capabilities for the Office 365 stack (Microsoft Word, Excel, Outlook)

• Strong ability to direct self-work with excellent organizational and time management skills.

• Excellent verbal and written communication skills, especially when communicating technical concepts to non-technical audiences.

• Critical and creative thinking to strategize how to add value to customer engagements and improve processes

• Exceptional spelling and grammar skills for writing and proofreading documents.

• Ability to remain flexible as processes continuously improve.

Qualifications:

• 1-3 years experience in an IT, Cybersecurity, or GRC-related field preferred.

• CompTIA Security+ certification preferred.

• Knowledge of Secure Software Development Life Cycle (SSDLC) practices is a plus.

• Must be available to work 8am-5pm EST Monday-Friday

• Commute to our office in a hybrid fashion