IT Risk and Compliance Analyst at Beowulf Electricity & Data Inc – Barker, New York

As an IT Risk and Compliance Analyst, you will play a crucial role in safeguarding our organization's information assets and ensuring compliance with relevant laws and regulations. You will work collaboratively with various departments to assess risks, develop policies, and implement training programs that promote a culture of security and compliance. This position is ideal for an entry-level professional eager to grow in the fields of cybersecurity and data privacy.

Key Responsibilities:

1. Cybersecurity Risk Assessments:

- Assist in conducting internal cybersecurity risk assessments to identify vulnerabilities and potential threats to the organization’s information systems.

- Assist in developing and implementing IT Risk and Compliance tools.

- Collaborate with IT and security teams to recommend mitigation strategies.

2. Vendor Risk Assessments:

- Independently perform vendor risk assessments to evaluate third-party vendor security practices and compliance with applicable regulations.

- Work with vendors to ensure adherence to organizational security standards.

3. Privacy Impact Assessments:

- Help perform privacy impact assessments to evaluate the risks associated with the processing of personal data.

- Support the development of strategies to mitigate privacy risks.

4. Policy Development and Management:

- Assist in developing, reviewing, and managing IT policies and procedures that align with regulatory requirements and industry standards.

- Ensure policies are communicated effectively across the organization.

5. Awareness and Training Development:

- Help create and provision awareness and training materials for employees to promote understanding of cybersecurity and data privacy principles.

- Coordinate training sessions to enhance staff knowledge and compliance.

Knowledge Requirements:

- Strong understanding of risk assessment and risk analysis methodologies.

- Familiarity with policy and procedure development.

- Knowledge of frameworks, industry standards, and regulations such as NIST Cybersecurity Framework (CSF), ISO 27001, SOC 2, NIST 800-53, Sarbanes-Oxley Act (SOX), and General Data Protection Regulation (GDPR).

Skills:

- Excellent verbal and written communication skills.

- Ability to collaborate effectively with cross-functional teams.

- Strong understanding of cybersecurity principles and practices.

- Knowledge of data privacy principles and practices.

Education:

- Required: Bachelor’s degree in computer science, Computer Information Systems, Business Administration, or a related field.

- Required: 3-5 years of experience in IT governance, risk, and compliance without formal education.

Experience:

- Entry-level position with 0-2 years of relevant experience in IT risk management, compliance, or cybersecurity.

Certifications:

- Preferred: Security+, Certified Governance, Risk Management, and Compliance (CGRC), Certified Information Privacy Professional/United States (CIPP/US), Certified Information Privacy Professional/Europe (CIPP/E).