We are seeking a skilled and motivated Associate Security and Compliance Analyst to join our team. The ideal candidate will have a strong background in Third-Party Risk Management (TPRM), SOC 1 and SOC 2 audits, ISO/IEC 27001, and SSAE 18 frameworks. This role is crucial in ensuring compliance with regulatory requirements, industry standards, and internal policies while driving continuous improvement in our risk management practices.

The Work -

Third-Party Risk Management (TPRM):
Develop and execute TPRM strategies, ensuring proper vetting, monitoring, and reporting of third-party risks. Conduct risk assessments of vendors and partners, providing recommendations for mitigation and oversight. Maintain a comprehensive register of third-party contracts and associated risks.

SOC 1 and SOC 2 Audits:
Manage end-to-end audit processes for SOC 1 and SOC 2 compliance, including evidence collection and control implementation. Act as the primary liaison between internal teams and external auditors. Ensure timely remediation of findings and drive continuous improvement.

ISO/IEC 27001 Implementation & Maintenance:
Oversee the development, implementation, and maintenance of the Information Security Management System (ISMS). Conduct internal audits to ensure compliance with ISO/IEC 27001 requirements. Collaborate with stakeholders to manage risk treatment plans and maintain certification.

SSAE 18 Compliance:
Ensure organizational adherence to SSAE 18 standards through the development of policies, controls, and audit processes. Maintain documentation and communication with stakeholders on the organization's compliance status.

Policy Development and Compliance Monitoring:
Draft, review, and update GRC policies and procedures to align with best practices and regulatory requirements. Monitor compliance with industry standards and regulations, recommending corrective actions as needed.

Risk Assessment and Mitigation:
Conduct enterprise-wide risk assessments to identify, analyze, and mitigate operational and information security risks. Develop and maintain risk registers and dashboards for executive reporting.

Training and Awareness:
Provide training and guidance to employees on GRC, TPRM, and compliance topics. Foster a culture of compliance and security awareness throughout the organization.

The Must-Haves -

Bachelor's degree in Information Security, Computer Science, or a related field.
3+ years of experience in GRC, information security, or audit-related roles.
Expertise in:
- TPRM tools and frameworks
- SOC 1 & SOC 2 frameworks
- ISO/IEC 27001 implementation
- SSAE 18 compliance
Strong knowledge of risk management principles and practices.
Excellent communication and interpersonal skills for stakeholder engagement.
Certification(s) such as CISA, CISM, ISO 27001 Lead Implementer / Auditor, or CRISC is a plus.