IT Risk and Compliance Analyst

Job Summary IT Risk and Compliance Analyst position is a highly visible, client‑facing role that works closely with Legal and Business Unit stakeholders and reports to the IT Risk and Compliance Manager. This role is responsible for evaluating, assessing, and monitoring the firm’s risk and compliance with applicable information security standards and frameworks, industry best practices, and applicable laws and regulations. It also coordinates and maintains the Information Security Management Program and implements security policy objectives aligned with business objectives. Reporting Relationships IT Risk and Compliance Manager Key Contacts Works closely with the Legal and Business Unit stakeholders. Works with clients in response to security assessments and due diligence questionnaires covering Healthcare, Financial Services, Construction, Government Contracts, Insurance, Real Estate, and more. Works in conjunction with the IT Security and Infrastructure Team. Major Responsibilities Provide IT security, risk, and compliance advice to business units on an ongoing basis. Analyze and address gaps in operations to ensure integrity of processes, controls, and policies. Assist in maintaining and updating Information Security Program policies and procedures, including yearly reviews to ensure documentation is current. Provide governance for participation in the information security incident response process by ensuring it is followed and documented. Respond to escalated security events and drive the security incident response process. Participate in the evaluation, development and implementation of security standards, procedures and guidelines for multiple platforms and diverse system environments. Work with internal and external auditors to demonstrate and provide evidence for controls that are in place; may conduct additional testing to validate remediation. Complete client security questionnaires and work with business units to assist with RFI responses related to IT security. Assist in vendor vetting to ensure vendors, business partners or suppliers use the same or higher security practices. Assist in conducting risk assessments and annual reviews for any new or current vendors, partners, or suppliers. Assist with complex security assessments that require analytical and technical skills across a broad range of IT topics (Identity and Access Management, Security Architecture, Physical and Environmental, etc.). Assist with evaluating, testing, documenting, and maintaining the firmwide DR and BCP policies, processes, and standards. Assist with Security Awareness Training program initiatives related to phishing campaigns and coordinate with HR to deliver ongoing employee training. Requirements Associate Degree or equivalent work experience. 3 years of experience in two or more major information technology functions (infrastructure, operations, datacenter, application support, etc.). 3 years of IT security, IT compliance, or IT risk management experience desired. 3 years of experience involving ISO27001 annual surveillance audits and full recertification audits. Familiarity with industry frameworks and standards such as SOC2, HIPAA, HITRUST is a plus. Familiarity with GDPR and CCPA. Familiarity using GRC tools. Knowledge of application and network security, information security risk, and industry best practice on managing risk. Experience with building, executing, and maintaining DR and BCP program. Ability to effectively prioritize and execute tasks in a high‑pressure environment. Excellent written and verbal communication skills and time‑management skills. Strong troubleshooting, problem‑solving and analytical skills. Position may require traveling for short periods (up to 5 working days, on rare occasions beyond 5 days); all travel expenses will be reimbursed. Compensation Salary Range: $90,000 – $115,000 Additional Information Candidate must be able to submit verification of legal right to work in the U.S. without company sponsorship. Equal Opportunity Employer BRG is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, religion, color, sex, gender, national origin, age, United States military veteran status, ancestry, sexual orientation, marital status, family structure, medical condition, veteran status, or mental or physical disability, so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. #J-18808-Ljbffr