Risk and Compliance Analyst - RCA 25

NavitsPartners

  • Seattle, WA
  • Permanent
  • Full-time
Job Title: Risk and Compliance Analyst
Duration: 12 Months
Location: 100% Remote

Position Overview

Risk and Compliance Analyst is needed to support the implementation of an information security management program. The analyst will work closely with the Unit Information Security Architect and play a key role in aligning the unit's information security strategy with enterprise standards. This role involves developing, maintaining, and implementing comprehensive information security programs to safeguard information systems, ensure compliance, and mitigate risk. The ideal candidate will demonstrate strong project management skills, the ability to coordinate across stakeholders, and a track record of delivering security and compliance initiatives on time.

Key Responsibilities

Conducting Risk Assessments
  • Perform risk assessments of information systems based on unit information security policies.

Developing Risk Mitigation Strategies
  • Maintain a security risk log and implement prioritized risk mitigation strategies.

Stakeholder Coordination
  • Engage with stakeholders to conduct risk assessments and implement mitigation actions.
  • Provide regular program status reports and escalate impediments as needed.

Compliance with Regulations and Policies
  • Ensure adherence to industry standards, government regulations, and organizational information security policies.

Program Monitoring in Complex Environments
  • Organize and manage tasks effectively.
  • Monitor progress in dynamic environments, recommending techniques and methods to achieve results.

Inventory Management
  • Maintain an up-to-date inventory of all unit information systems.

Required Experience & Skills
  • 5+ years of IT security or information security experience with demonstrated ability to engage senior management and regulators.
  • 2+ years administering IT security controls.
  • 2+ years in security incident response (SOC or Security Operations role).
  • Strong background in risk assessments, risk management, and compliance (UC IS-3 or ISO 27002 preferred).
  • Technical knowledge sufficient to conduct risk assessments across infrastructure, applications, and systems.
  • Excellent communication skills, with the ability to lead effective meetings and engage customer-facing stakeholders.
  • Strong project management skills with the ability to follow schedules and complete tasks on time.
  • Experience defining information security strategy and integrating security technologies into enterprise frameworks.

Preferred Skills
  • Knowledge of technical infrastructure, networks, databases, and systems in relation to IT Security and Risk.
  • Familiarity with security technologies, including:
      • Logging & Monitoring: SIEM, CASB
      • Endpoint Security: EDR, AntiVirus, DLP, compliance tools
      • Network Security: NDR, IPS/IDS, firewalls (traditional and next-gen), cloud security groups, UBA
      • Data Protection: Encryption, HSM, KMS, DLP
  • Experience with Azure and AWS cloud services.
  • Direct experience with UC IS-3 is a strong plus.
