Compliance Analyst, InfoSec Governance

HireArt is helping an on-demand, autonomous ride-hailing company hire a highly skilled Third-Party Risk Analyst, InfoSec Governance to assess third-party risk as part of vendor evaluations.

In this role, you will conduct periodic assessments based on the sensitivit



Job description

HireArt is helping an on-demand, autonomous ride-hailing company hire a highly skilled Compliance Analyst, InfoSec Governance to ensure that the organization adheres to established information security governance, risk management, and compliance (GRC) frameworks.

In this role, you will conduct internal compliance assessments, risk assessments, and ensure adherence to policies and standards.

We're looking for someone with a strong understanding of information security frameworks, risk management practices, and excellent analytical skills.

As a Compliance Analyst, InfoSec Governance, you will:

• Compliance Activities:
  • Develop and implement security management systems to track objectives and controls.
  • Plan and lead organization-wide security audits to ensure compliance with relevant policies, standards, and frameworks (e.g., NIST 800-53, ISO 27001, etc.).
  • Coordinate internal and external audits with IT, Product Security, and other departments/teams.
  • Prepare, review, and maintain compliance documentation.
• Risk Assessments:
  • Conduct risk exposure assessments to identify potential threats and vulnerabilities.
  • Perform comparative risk assessments to evaluate different solutions and their impact on security.
  • Prioritize risks based on their potential impact and likelihood, determining security ROI for prioritization considerations.
  • Develop and implement remediation plans for identified risks.
• Policy and Standards Management:
  • Ensure compliance activities align with existing policies, standards, frameworks, and industry regulations.
  • Identify and address shortcomings in platform security and compliance processes.
  • Develop and maintain the control framework, ensuring it is up-to-date and effective.
• Collaboration and Communication:
  • Serve as a liaison between IT and internal auditing teams.
  • Work with various departments to ensure compliance with internal and external requirements.

Requirements

• Bachelor s degree in Computer Science, Information Systems, Business, or in a related field, or equivalent relevant experience
• 6+ years of experience in conducting security control assessments or audits
• 6+ years experience with information security standards and privacy laws (e.g., ISO 27001, NIST, GDPR, CCPA, CPRA, etc.)
• Strong knowledge of GRC frameworks and tools
• Proficiency in risk assessment methodologies and tools
• Conceptual understanding of the following technologies:
  • LLMs (Large Language Models), AI (artificial intelligence), Client (machine learning)
  • Security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.) and perimeter technologies (e.g., routers, firewalls, web proxies, intrusion prevention, etc.)
• Excellent analytical and critical thinking skills
• Strong written and verbal communication skills
• Ability to work collaboratively in a dynamic, fast-paced environment
• Professional certifications such as CISA, CISM, CRISC, or CISSP are a bonus!
• Experience in automotive, aerospace, industrial control systems (ICS/SCADA), or high-assurance environments is a plus

y of the vendor, data in scope, or prior security incidents.

We're looking for someone with a strong understanding of information security frameworks, risk management practices, and excellent analytical skills.

As a Third-Party Risk Analyst, InfoSec Governance, you will:

• Vendor Risk Assessment:
  • Perform comprehensive third-party risk assessments at the point of engagement.
  • Evaluate vendors' information security controls, operational practices, and data privacy measures.
• Periodic Reviews:
  • Conduct periodic assessments of third-party vendors based on the sensitivity of the vendor.
  • Assess the data involved or any prior security incidents.
  • Ensure continuous monitoring and reassessment of vendor risk profiles.
• Risk Mitigation:
  • Identify, analyze, and prioritize risks associated with third-party vendors.
  • Work with vendors and internal stakeholders to develop and implement risk mitigation strategies.
• Compliance and Reporting:
  • Ensure compliance with relevant information security standards and regulatory requirements (e.g., NIST CSF, GDPR, ISO/IEC 27001).
  • Provide clear and high-quality risk reports with guidance and recommendations to senior business owners.
• Collaboration and Communication:
  • Develop and maintain strong working relationships with business areas, IT teams, and vendors.
  • Advise on security requirements and best practices.
• Data Analysis and Reporting:
  • Perform data analyses and generate reports on third-party risk.
  • Track and communicate overall program performance.
  • Ensure timely completion of program milestones.
• Contractual Reviews:
  • Support contractual reviews for new and existing suppliers.
  • Ensure security requirements are met in supplier contracts.
• Process Improvement:
  • Participate in the development and optimization of vendor risk management processes and procedures.
  • Improve overall vendor risk posture.

Requirements

• Bachelor s degree in Computer Science, Information Systems, Business, or in a related field, or equivalent relevant experience
• 6+ years of experience in conducting security control assessments or audits
• 2+ years of experience in developing or managing security awareness programs
• 6+ years experience with information security standards and privacy laws (e.g., ISO 27001, NIST, HIPAA)
• Strong knowledge of GRC frameworks and tools
• Proficiency in third-party risk assessment methodologies and tools
• Conceptual understanding of the following technologies:
  • LLMs (Large Language Models), AI (artificial intelligence), Client (machine learning)
• Excellent analytical and critical thinking skills
• Strong written and verbal communication skills
• Ability to work collaboratively in a dynamic, fast-paced environment
• Professional certifications such as CISA, CISM, CRISC or CISSP are a bonus!