Full Time

Governance Risk and Compliance Analyst

Posted 1 year ago
New York
$70 - $80 per hour

Job Description

Job Name: Governance Risk and Compliance Analyst
Name of the Company: ActionIQ
Location: New York, NY
Salary range: $137,250 – $152,500 USD Annually
Job Type: Full-time
Education Level: Bachelor’s/Undergraduate Degree

Position Description

We are seeking a Governance Risk and Compliance Analyst to work with key business units to drive the design, implementation, operation, and remediation activities of industry-accepted control frameworks. Reporting to the VP of Information Security, you will establish and support policies, standards, and regulatory requirements and provide controls, subject matter expertise, and guidance for the collection and management of data from multiple systems.

Responsibilities

- Conduct information security risk assessments, and assess and document the design of controls
- Identify and report gaps and opportunities in new and existing systems, processes, and technology
- Coordinate with external and internal auditors
- Develop strategies for ensuring organizational compliance with SOC 2, HIPAA, Data Privacy, NIST, and other similar standards and regulations
- Engage control owners and key stakeholders across the organization to collect and test evidence and assess compliance
- Participate in disaster recovery
- Manage the systems for risk register management, vendor and software risk assessments, incident-related risk logging and mitigation, data subject access request workflows and management, cookie compliance configuration management, enterprise policy management, and data mapping
- Lead information security awareness programs to promote and foster the delivery of systems and services with security and privacy controls built in

Qualifications

- 5-8 years of information security, governance, risk, and compliance experience focusing on compliance assessments, risk assessments, and/or technology audits
- A Bachelor’s degree in Information Systems, Risk Management, Cybersecurity, or other related field
- Experience performing information security audits or risk assessments
- Advanced technical knowledge of logical access control, network security, encryption, data privacy, and application security
- Experience with compliance frameworks such as SOC 2 Type II and GDPR, and industry frameworks such as NIST CSF and ISO 2700x
- Strong organizational skills
- Industry-recognized certifications are a plus: CRISC, CIPP, CDPSE, CISA, CISSP, or equivalent

Join us at ActionIQ as we build a growing New York City-based enterprise software company. We offer a comprehensive compensation package that includes a base salary, stock options, and a range of benefits, including medical, dental, and vision coverage, 401(k) matching, and flexible PTO. The salary range for this role is $137,250 to $152,500 USD annually.