About the Job
Braintrace, one of Utah’s fastest growing cybersecurity companies continues to expand! We are hiring a Compliance and Risk Analyst. Duties will include reviewing compliance standards, drafting and delivering technical reports, security policies, procedures and maturity models, creating business proposals, and a host of technical and business-centric documentation and work products.
This Analyst will report to the Director of Information Security, Risk and Compliance and will be responsible for Project Management, drafting work product, governance/risk/compliance (GRC) efforts as well as ensuring Braintrace’s clients meet their compliance, privacy or security requirements.
If you are quick to learn, ask lots of good questions and have a passion for information security, privacy, compliance and/or building world class security programs, we want to talk to you.
Duties and Responsibilities
- Demonstrate a basic knowledge in IT controls, risk assessments, and the design and testing of security measures.
- Perform analysis and trending (reports, dashboards, status…etc.) on internal or external progress or events affecting information security for clients.
- Engage with technical process owners to understand technical process steps, identify risk, and drive toward a completed documentation that aligns with the IT Governance and Risk Management programs.
- Define client data requests based upon services and engagement requirements.
- Set up and prepare client meetings including ensuring all data requests are defined, timing and schedules, points of contact.
- Prepare client deliverables; must have excellent analytical, writing & presentation skills.
- Research regulations by reviewing regulatory bulletins and other sources of information.
- Be willing to learn audit processes, as required.
- Be willing to learn Cyber and Information Security and align client initiatives with business objectives of the company.
- Own the relationship and serve as the liaison between the functional and technical requirements as well as the execution of those requirements in the deliverables for clients.
- Participate in special projects/research and prepare management reports.
- Consult with leadership to improve control efficiencies and operating effectiveness.
- Partner with key client stakeholders to obtain and review evidence of compliance to support technical SOX, PCI, ISO, COSO and other compliance or audit requirements
- Support the completion of the annual HIPAA, NYDFS, FFIEC, SOX, PCI DSS, ISO, NIST, COSO or other attestations for clients.
- Manage and communicate key compliance milestones for critical systems and complex processes.
- Conduct analysis and trending (reports, dashboards, status…etc.) on internal or external progress or events affecting information security
- Ensures all IT policy and procedures are documented and updated according to regulatory standards, deadlines are met, approvals obtained, guidelines followed, repository usage understood, and repository / system of record up-to-date as defined by the IT Governance program
- Defines and delivers appropriate metrics, analytics, and scorecards
- Coordinates various GRC repository system improvement projects and activities to enhance the system of record and maintain effective process controls
- Develops and maintains risk register and designs self-assessments to help identify risks
- Serves as an escalation point to track and follow-up on risk events
- Self-Driven. You have excellent organizational skills, integrity, and great follow-through on tasks. You deliver on time or early to exceed expectations regularly.
- Dynamic. You’re innovative, creative, and constantly looking for ways to superior outcomes. You have strong analytical skills and the ability to correlate business needs to technology solutions.
- A Team Player. You enjoy working in a collaborative team-oriented environment. You like the fact that our people genuinely care about each other, their projects and Braintrace. You go out of your way to educate and support the team efforts.
Education and Training Requirements
- BS/MS Degree in Computer Science or related field and/or 2-5 years of experience in Information Security or Assurance, Privacy, Forensics or IT Audit preferred.
- CISA, CISM, CIPP and or CISSP recommended.
- Understanding of risk assessment methodologies such as FAIR, Octave, Allegra and/or other quantitative or qualitative methodologies.
- Security certifications such as GSNA, GCCC, CISSP, or other related certifications.
Compensation & Benefits
We know that talented people are attracted to companies with long term success, an amazing culture and one that provides competitive pay, comprehensive benefits and outstanding career advancement opportunities. If hired, you can expect:
- Competitive salary
- Medical/Dental/Vision benefits
- 401k with company match
- Paid Time Off and Holiday Pay
- Paid training including off-site conferences and OJT technical training and access to our training library
- Paid security certification attempts
Braintrace does not discriminate in any aspect of employment BASED ON race, color, religion, national origin, ancestry, gender, sexual orientation, gender identity and/or expression, age, veteran status, disability, or any other characteristic protected by federal, state, or local employment discrimination laws where Braintrace does business. All new hires must pass a pre-employment drug test and criminal background check.