Risk and Compliance Analyst

Legato Security • Remote (Salt Lake City, UT, US) • 4m ago

Who We Are

Legato Security is an information security firm founded upon the belief that every organization has the right to keep its data private and secure. Our mission is to build close partnerships with our clients, serving them not as just a vendor, but as trusted advisors helping to build effective, proactive plans. Our focus is always on both the technical and human elements within an organization. We believe in comprehensive strategies designed to harden networks, deflect attackers, and rapidly recover from any accidents. As technology progresses, so do our tactics, ensuring our experts are always prepared to serve forward-looking leaders eager to stay ahead of emerging threats.

Position Overview

Legato Security is a seeking Risk & Compliance Analyst to take on an exciting role in Salt Lake City, UT. The successful candidate will work directly with clients, internal staff, and third-party vendors to determine if compliance guidelines are met and risk is identified. The successful candidate will understand many different compliance frameworks, understand security risk and controls, and will have in-depth knowledge of general security best practices. Previous risk management, compliance, and audit experience is required. Growth opportunities are likely for a candidate who can hit the ground running, is a self-starter, and who can demonstrate excellent analytical, communication, and critical thinking skills. Growth within this team includes Analyst I, II, III, and manager roles.

Specific Job Responsibilities

Internal: Manage internal audit and compliance processes and work with third party auditors to meet compliance obligations
Internal: Perform internal risk assessments, and work with the team to implement controls and close identified gaps
Internal: Manage internal controls to meet compliance obligations such as policy and procedure, quarterly checks, and access auditing
Internal: Mange third party vendor risk management process for all vendors Legato Security utilizes or partners with
Client-facing: Perform risk assessments using many security and compliance frameworks on client infrastructure as part of client engagements
Client-facing: Write and deliver risk assessment reports with identified controls gaps and recommended remediation
Client-facing: Work with clients to help them understand remediation actions, identified gaps, and explain the “why” of your recommendations.
Client-facing: Perform third party vendor risk assessments of vendors utilized by clients who subscribe to vendor risk management services
Client-facing: Perform specific compliance framework gap assessments in client requirements as part of services engagements
Internal and Client-facing: Monitor and manage ongoing assessment controls to determine additional risk in real time
General: Keep up to date with compliance framework changes, regulatory updates, and laws that may affect internal or client compliance and risk

Qualifications

Excellent written and verbal communication skills
Demonstrable analytical and problem-solving skills
Understanding of many different compliance controls (NIST, CMMC, ISO27K, PCI DSS, HIPAA, GDPR, CPRA, FERPA, HITRUST, FedRAMP, SOX, etc.)
Understanding of cybersecurity best practices and ability to keep up to date on new recommendations
Ability to differentiate between different compliance frameworks and how they may apply to client environments differently
Associate degree or equivalent experience in compliance, risk management, information technology, cyber security, or other related field
Minimum 2 years’ experience working in compliance performing audits, risk assessments, controls alignment, and/or third-party vendor risk management
Previous experience working with outside clients is highly desirable
Risk and compliance or security certifications such as CISSP, CRISC, CISA, CQA, etc. is highly desirable
Salary and position level is dependent on experience

Perks

Start-up company in a growth phase with opportunity for advancement based on performance
Start-up culture with an office in downtown Salt Lake City, UT
Competitive medical and dental benefits for employee and family members
Other company-provided benefits such as short-term disability, basic life insurance, children’s orthodontia, with additional voluntary benefits available, and 401K match
Flexible Paid Time Off policy
Professional Development opportunities specific to role

Apply