Senior Security Analyst

Cbiz

  • Cleveland, OH
  • Permanent
  • Full-time
  • 9 hours ago
CBIZ, Inc. is a leading professional services advisor to middle market businesses and organizations nationwide. With unmatched industry knowledge and expertise in accounting, tax, advisory, benefits, insurance, and technology, CBIZ delivers forward-thinking insights and actionable solutions to help clients anticipate what's next and discover new ways to accelerate growth. CBIZ has more than 10,000 team members across more than 160 locations in 21 major markets coast to coast.CBIZ strives to be our team members’ employer of choice by creating an environment where team members are appreciated, recognized for their contributions, and provided with opportunities to grow, both personally and professionally, throughout their careers.At CBIZ, we prioritize the security and privacy of our services. Our Governance, Risk, and Compliance (GRC) team supports company-wide initiatives and high standards of quality to ensure continuous compliance and reduce risk exposure.The Senior Security Analyst will work with a diverse group of internal and external stakeholders to support ongoing security initiatives, maintain compliance needs, and ensure that security policies and standards are followed.Candidates should be detail-oriented, proactive, and eager to develop within a fast-paced and evolving security environment. You will be a member of the Information Security Department and collaborate across business functions to ensure compliance and regulatory requirements are met. You will work both independently and as part of a team, contributing to the maturity of CBIZ’s GRC practices.Key Responsibilities:
  • Ensure compliance with all applicable regulations, including SOX, SOC 2, CCPA, HIPAA, and other industry-specific standards.
  • Assist with the third-party risk management process to assess, monitor, and manage third-party risks.
  • Perform risk assessments, audits, and compliance reviews to identify potential risks and implement mitigation strategies.
  • Assist in mapping controls across frameworks to streamline compliance efforts, translate controls into actionable steps, and provide implementation guidance to stakeholders.
  • Deliver and enhance security awareness campaigns to ensure a consistent understanding of best practices and compliance requirements across the organization.
  • Update and maintain the organization's risk register, ensuring that it accurately reflects the current risk landscape and is used effectively for decision-making.
  • Support the ongoing maintenance and improvement of GRC solutions, including control testing.
  • Collaborate with cross-functional teams to embed risk management practices into operational processes.
  • Participate in process reviews and identify opportunities for improvements in operational efficiency, overall effectiveness, and identifiable benefits to the organization.
  • Stay updated on the latest regulatory changes, industry trends, and best practices to ensure continuous improvement.
  • Other duties as required to fulfill the Senior Security Analyst position.
Preferred Qualifications:
  • Minimum of 5 years of experience in GRC within a public company.
  • In-depth knowledge of regulatory requirements, including SOX, CCPA, HIPAA, and other relevant frameworks.
  • Hands-on experience with GRC solutions and third-party risk management programs.
  • Strong understanding of IT governance, information security, and data privacy principles.
  • Excellent management, communication, and interpersonal skills.
  • Ability to work effectively with cross-functional teams and influence stakeholders at all levels.
  • Ability to develop and implement security policies, procedures, and controls.
  • Relevant certifications (e.g., CISA, CISM, CISSP, CRISC) are a plus.
  • Additional experience with Identity and Access Management, Data Classification, and Data Loss Prevention is highly desirable.
Minimum Qualifications:
  • College Degree or equivalent required
  • 6 years related experience
  • Expert technical knowledge
  • Knowledge of industry regulations
  • Ability to lead and coordinate the team activities of others
  • Ability to formulate, document and recommend new policies and procedures
  • Able to work in and lead a team
  • Demonstrated ability to communicate verbally and in writing throughout all levels of an organization, both internally and externally
  • Ability to travel as required by business and on-call availability
#LI-MM2 #LI-Hybrid

Cbiz