Sr Governance Risk And Compliance Analyst

The responsibilities and expectations for a professional specializing in security architecture and risk management within regulated environments. Key duties include conducting comprehensive risk assessments, developing and maintaining security frameworks, managing third-party risks, collaborating with cross-functional teams, and ensuring compliance with industry standards such as HIPAA, ISO, and NIST. The role involves continuous monitoring, reporting to senior management, and driving improvements in security posture. Candidates should demonstrate strong communication skills, expertise in regulatory compliance, and experience in vendor security assessments and risk management practices.

What will you be responsible for?

• Conduct comprehensive security risk assessments for new and existing systems, applications, and network infrastructure.
• Develop, implement, and maintain security frameworks, standards, and best practices across the organization.
• Oversee third-party risk management (TPRM), including due diligence, assessment, and continuous monitoring of vendor security posture.
• Collaborate with IT, engineering, and business teams to identify and mitigate security risks in design and deployment.
• Perform Security Architecture reviews, risk assessments and gap analysis on critical assets and business processes.
• Advise stakeholders on security solutions and controls, ensuring alignment with regulatory and industry standards (e.g., HIPAA, Hi-Trust, ISO, NIST, GDPR).
• Respond to emerging threats and vulnerabilities by recommending and implementing proactive security measures.
• Prepare and deliver clear reports on architectural and risk findings to senior management. Support compliance initiatives and internal or external audits related to security and risk management.
• Drive continuous improvement in security architecture, risk practices, and awareness throughout the organization.
• Participate in special projects and other duties as assigned, driving ongoing improvement in security posture, risk management, and protection of sensitive information.
  
  
  

• Conduct risk assessments and manage third-party vendor reviews or renewals.
• Host and participate in meetings with engineering, compliance, and business teams to discuss security requirements and remediation plans.
• Review and evaluate architecture diagrams and technical designs for ongoing and upcoming projects.
• Monitor security controls, metrics, incident reports, and issues to identify and respond to risks or weaknesses.
• Prepare documentation, executive summaries, and presentations for decision makers and stakeholders.
  
  
  

• A professional with strong experience in both security architecture and risk management, ideally in complex or regulated environments.
• Proven ability to communicate technical concepts and security risks to both technical and non-technical audiences.
• Experience conducting third-party risk assessments and managing vendor relationships.
• Expertise in industry standards, regulatory compliance, and security frameworks (such as HIPAA, HI-Trust, ISO 27001, NIST 800-53, SOC2).
• A proactive problem-solver with excellent analytical, organizational, and stakeholder management skills.
• Basic knowledge of AI technologies such as Generative AI, Artificial Neural Networks (ANN), Convolutional Neural Networks (CNN), and AI security