Senior Analyst – Risk and Compliance

Chasepro Talent • Irvine, CA, US • $140k - $160k / year • 5d ago

Job Title: Sr. Analyst – Risk and Compliance

Location: Irvine, CA – Onsite

Duration: Full time/Direct hire

Job Description:

The Sr. Analyst, Information Security – Risk and Compliance is responsible for executing the Information Security Management Program, ensuring compliance with organizational policies and statutory regulations. This role includes overseeing security projects, managing risk assessments, and recommending mitigations to protect systems and reduce potential losses.

Key Responsibilities:

Security and Risk Management:

Implement and administer TrustCloud GRC and OneTrust Applications; implement additional GRC tools as needed.
Conduct security risk assessments on IT systems, applications, and infrastructure for compliance with security standards and regulations.
Assess and manage third-party risks, including evaluating AICPA SOC 1 and 2 reports (Type I and II).

Process and Policy Improvement:

Facilitate the risk management process including identification, analysis, and remediation.
Guide and maintain IT risk and compliance policies, ensuring adherence to best practices like NIST, ISO, HIPAA, PCI, and state privacy regulations.

Reporting and Metrics:

Provide executive-level IT risk reports to stakeholders and senior management, detailing quantitative and qualitative risk estimates.
Use Metrics and Key Risk Indicators (KRIs) to track and improve risk management quality.

Internal and External Compliance:

Monitor compliance with IT policies and procedures; partner with business units to address gaps.
Conduct internal audits, technology assessments, health checks, and gap analysis against regulatory standards like HIPAA, PCI-DSS, HITRUST, and CCPA.

Project and Training Management:

Manage small to moderately complex security, compliance, and risk management projects.
Establish and manage an Information Security Management Systems (ISMS) training program.

Required Qualifications:

Education:

Bachelor's degree in Business, Information Technology, or related field from an accredited university.
In lieu of degree: 5+ years of experience in relevant fields.

Experience:

6+ years in Governance, Compliance, and Risk management.
3+ years in project management or business analysis.

Other Requirements:

Willingness to travel to office locations and third-party sites.

Preferred Qualifications:

Certifications:

CRISC, CISA, Security+, CISSP, SSCP, or FAIR certification.

Experience:

2+ years working with IT systems including networks, servers, or storage devices.
Experience evaluating AICPA SAE 16/18 reports and SOC controls.

Industry Experience:

Experience in the dental, healthcare, or retail industry.

Knowledge/Skills/Abilities:

Knowledge:

Familiarity with ISO 27001, HIPAA, HITRUST, and CCPA frameworks.
Understanding of IT components (networks, servers, storage, cloud services).

Technical Skills:

Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Visio, Outlook).

Interpersonal Skills:

Strong verbal and written communication skills.
Ability to collaborate effectively and provide clear reporting.

Personal Attributes:

Detail-oriented, organized, proactive, customer-focused.
Ability to multitask and make independent decisions with limited information.

Key Traits for Success:

Ability to respond to common inquiries from customers, staff, regulatory agencies, vendors, and other members of the business community.
Strong self-motivation and reliability.
Capability to manage multiple tasks without compromising quality.
Problem-solving and decision-making skills.