The Information Security Risk & Compliance Analyst will be responsible for assuring information security and managing risks related to the use, processing, transmission and storage of information and the systems and processes used for those purposes. The Analyst's role lies within the Chief Information Security Officer's organizational structure, reporting to the Manager of Information Security Governance, Risk and Compliance.
The Analyst will be a key member contributing to the development and maintenance of information security policies, focusing on assessing and prioritizing risk across the organization, compliance with information security policies, and the development and reporting of information security metrics. The Analyst will perform risk assessments and control gap analysis against Information Security Policies and Risk Management Standards. The Information Risk and Compliance Analyst will create, organize and articulate summarized risk findings that are clear and actionable by business stakeholders, reduce risk by helping to prioritize and drive remediation efforts throughout the organization, and contribute to risk management, treatment, and reporting process efforts to protect data assets. The Analyst's role will help prepare for and facilitate assessments and examinations by qualified security assessors. The Analyst will perform third-party supplier security assessments, as well as facilitate and coordinate responses for customer due diligence questionnaires.