Coterie is hiring for a Senior IT Security Risk and Compliance Analyst to help design, build, and operationalize several areas of security, risk, and compliance. In this role, you will pair with our Chief Information Security Officer and other members of the Coterie team to assess the current state, recommend security controls based on the NIST Cybersecurity Framework, assist teams in the implementation of those controls, and then track those controls to ensure they are operating effectively, automating that evidence collection whenever possible. In this role you will also be key in designing and building a robust, risk-based Third-Party Security program. If you are passionate about risk reduction and want the ability to influence and build a risk and compliance program, this is the right role for you!
- Passionate about Risk-Based Cybersecurity programs and enabling the business to operate in a secure and compliant manner.
- Contribute to Coterie’s cybersecurity strategy and plan.
- Lead risk assessments, including scoping, threat and risk scenario identification, and all other aspects of the risk assessment process. Identify opportunities to reduce residual risk to a level consistent with risk appetite, and collaborate with the CISO and other security team members to build out the security road map.
- Consult on projects, make security control recommendations, and assist teams in control design, implementation, and tracking.
- Strong desire to drive efficiencies, make risk-based decisions, implement automation, and recommend and track meaningful KPIs and KRIs.
- Develop and administer Coterie’s Information Security Program documents, including policies, standards, and the controls library.
- Contribute to the design and building of a comprehensive third-party risk management program.
- Work collaboratively and help build a strong cybersecurity team.
- Passion for Risk and Risk Management.
- 3+ years of experience in Information Security, IT Audit or Governance, and/or Risk and Compliance.
- Experience in defining risk assessment processes and program documents beyond control testing.
- Experience in designing controls and measures to determine if controls are operating effectively.
- Strong written and verbal communication skills including the ability to translate technical topics to non-technical audiences.
- Experience with compliance regulations (examples include PCI, HIPAA, NY DFS Regulation 500, NAIC model laws, privacy) and security frameworks (such as NIST Cybersecurity Framework).
- Strong ability to organize and prioritize work in a logical manner to ensure assessments and project work are completed on time and do not negatively impact any project teams.
- Ability to prioritize and manage various project and operational deliverables.
- Experience with an Integrated Risk Management technology (also known as a GRC platform).
- Experience working within or building a third-party risk management program.
- Certifications such as CISA, CRISC, CISSP, or privacy.
- Health insurance through Aetna (we pay 100% of premiums)
- Dental (Guardian Dental) and vision insurance (Guardian+VSP) (we pay 100% but there are limits)
- Unlimited PTO. We expect you to take at least 80 hours during the year not including most bank/federal holidays. We also encourage the celebration of personal holidays and important family events.
- Basic Life Insurance
- Flexible Spending Account (FSA)
- Continuing Education Stipend
- 100% Remote
- A culture with a deep belief in intentionality, inclusion, and treating you like the professional you are.
Our HQ is in Montgomery, Ohio, but we operate as a 100% digital business, which makes it easy to work remotely as your role allows.