Compliance Analyst

This range is provided by Specialized Recruiting Group. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

$70,000.00/yr - $90,000.00/yr

Job Title: IT Risk and Compliance Analyst

MUST BE US CITIZEN

We are assisting in the recruitment of an IT Risk and Compliance Analyst. You will play a crucial role in safeguarding our organization's information assets and ensuring compliance with relevant laws and regulations. You will work collaboratively with various departments to assess risks, develop policies, and implement training programs that promote a culture of security and compliance. This position is ideal for an entry-level professional eager to grow in the fields of cybersecurity and data privacy.

1. Cybersecurity Risk Assessments:
   • Assist in conducting internal cybersecurity risk assessments to identify vulnerabilities and potential threats to the organization’s information systems.
   • Assist in developing and implementing IT Risk and Compliance tools.
   • Collaborate with IT and security teams to recommend mitigation strategies.
   • Independently perform vendor risk assessments to evaluate third-party vendor security practices and compliance with applicable regulations.
   • Work with vendors to ensure adherence to organizational security standards.
2. Privacy Impact Assessments:
   • Help perform privacy impact assessments to evaluate the risks associated with the processing of personal data.
   • Support the development of strategies to mitigate privacy risks.
3. Policy Development and Management:
   • Assist in developing, reviewing, and managing IT policies and procedures that align with regulatory requirements and industry standards.
   • Ensure policies are communicated effectively across the organization.
4. Awareness and Training Development:
   • Help create and provision awareness and training materials for employees to promote understanding of cybersecurity and data privacy principles.
   • Coordinate training sessions to enhance staff knowledge and compliance.

• Strong understanding of risk assessment and risk analysis methodologies.
• Familiarity with policy and procedure development.
• Knowledge of frameworks, industry standards, and regulations such as NIST Cybersecurity Framework (CSF), ISO 27001, SOC 2, NIST 800-53, Sarbanes-Oxley Act (SOX), and General Data Protection Regulation (GDPR).

• Excellent verbal and written communication skills.
• Ability to collaborate effectively with cross-functional teams.
• Strong understanding of cybersecurity principles and practices.
• Knowledge of data privacy principles and practices.

• Required: Bachelor’s degree in computer science, Computer Information Systems, Business Administration, or a related field.
• Required: 3-5 years of experience in IT governance, risk, and compliance without formal education.

Entry-level position with 0-2 years of relevant experience in IT risk management, compliance, or cybersecurity.

• Preferred: Security+, Certified Governance, Risk Management, and Compliance (CGRC), Certified Information Privacy Professional/United States (CIPP/US), Certified Information Privacy Professional/Europe (CIPP/E).

The salary for an IT Risk and Compliance Analyst in Buffalo, NY typically ranges from $70,000 to $90,000 per year, depending on the candidate’s level of education, certifications, and relevant experience. Entry-level positions may start closer to the lower end of the range, while those with additional certifications or experience may command higher salaries.

Entry level

Full-time

Information Technology

Services for Renewable Energy