Job Details

Governance, Risk, & Compliance Analyst



Required Skills

    interpersonal and presentation skills

Infinity Consulting Solutions, Inc


7 to 9 Year(s)

Job Description


· Monitor and report on compliance with security policies, as well as the enforcement of policies across the enterprise.

· Provide support and guidance for legal and regulatory compliance efforts, including audit related support as needed.

· Conduct third-party audits as required in order to maintain certifications and compliance certificates.

· Review risks, threats, and vulnerabilities, and oversee the development of corrective action plans in partnership with management, IT personnel, and other relevant groups.

· Deploy, manage, and maintain a formal information security risk register and the corresponding or associated software.

· Direct risk evaluation and compliance management processes as assigned.

· Follow up on deficiencies identified in reviews, self-assessments, automated assessments, and audits to ensure appropriate remediation plans have been developed and corrective measures have been taken and documented.

· Lead efforts in regulatory compliance and industry best practice standards with PCI DSS, SoX, HIPAA, ISO 27001/27002, NIST, etc.

· Consult on other types of security (e.g., security architecture, secure development lifecycle, physical security issues) as needed.

· Manage the development and implementation of information security policies, procedures, and guidelines.

· Provide guidance and support to management on all policy and standards issues related to information security.

· Ensure employees and third parties understand and fulfill applicable information security policies and standard requirements.

· Develop and conduct information security training and awareness activities.

· Perform other duties as assigned.


· 7+ years of experience in information security governance, risk, and compliance program management.

· Bachelor's degree in Computer Science or Information Systems from an accredited college or university, or equivalent in a related discipline.

· Proven track record in delivering results in a fast-paced and highly complex organization.

· Ability to understand and apply knowledge of information systems security concepts (secure architectures, secure electronic data communications, network security, and protection of sensitive data).

· Must be knowledgeable about ISO/IEC 27000 series standards, SoX, PCI requirements, and other regulatory compliance requirements, and have experience working in these environments.

· Prior policy development and enforcement experience in a regulated environment.

· Prior experience with information security risk management program development and implementation.

· Ability to relate business requirements and risks to policy and technology implementation.

· Knowledge of risk assessment and remediation procedures.

· Ability to work well with other members of the team, peers, and senior management.

· Strong communication, interpersonal and presentation skills.


· Experience with ISMS Performance Metrics & Reporting.

· An advanced degree or security industry relevant certifications preferred.

Compliance Analyst
Compliance & regulatory

No Preference
FullTime Job

Recruiter Details
Doug Klares
1350 Broadway, Suite 2205, NEW YORK-10018, NY, US