Berkeley Research Group (BRG)

IT Risk and Compliance Analyst

IT Risk and Compliance Analyst providing IT security oversight and compliance management across various business units. Collaborating with stakeholders to assess risks and enhance security policies and procedures.

Posted 5/1/2026 • full-time • Washington • Illinois, Massachusetts, New York, Washington • 🇺🇸 United States • Mid-Level • Senior • 💰 $90,000 - $115,000 per year

About the role

Key responsibilities & impact
  • Provide IT security, risk, and compliance advice to business units on an ongoing basis.
  • Analyze and address gaps in operations to ensure integrity of processes, controls, and policies.
  • Assist in maintaining and updating Information Security Program policies and procedures as needed, also completing a yearly review to ensure all documentation is properly updated.
  • Provide governance for participation in the information security incident response process by ensuring that the process is being followed and documented.
  • Respond to escalated security events and drive the security incident response process.
  • Participate in the evaluation, development and implementation of security standards, procedures and guidelines for multiple platforms and diverse systems environments.
  • Works with internal and external auditors to demonstrate and provide evidence for controls that are in place.
  • May conduct additional testing to validate that items found during testing have been remediated.
  • Responsible for completion of client security questionnaires and working with the business units to assist with RFI responses related to IT security.
  • Assists in vendor vetting to ensure our vendors, business partners, or suppliers are using the same or higher security practices.
  • Assists in conducting Risk Assessments and annual reviews for any new or current vendors, business partners, or suppliers.
  • Assists with complex security assessments that require both analytical and technical skills across a broad range of Information Technology topics (e.g., Identity and Access Management, Security Architecture, Physical and Environmental, etc.).
  • Assists with evaluating, testing, documenting, and maintaining the firmwide DR and BCP policies, processes, and standards.
  • Assists with the Security Awareness Training program initiatives related to phishing campaigns and coordinates with HR to deliver ongoing employee training.

Requirements

What you’ll need
  • Associate Degree or equivalent work experience
  • 3 years of experience in two or more major information technology functions (infrastructure, operations, datacenter, application support, etc.)
  • 3 years IT security, IT compliance, or IT risk management experience desired.
  • 3 years of experience involving ISO27001 annual surveillance audits and full recertification audits.
  • Familiarity with industry frameworks and standards such as SOC2, HIPAA, HITRUST is a plus.
  • Familiarity with GDPR and CCPA.
  • Familiarity using GRC tools.
  • Knowledge of application and network security, information security risk and industry best practice (how to best manage risk).
  • Experience with building, executing, and maintaining a DR and BCP program.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Excellent written/verbal communication skills and time management skills.
  • Strong troubleshooting, problem-solving and analytical skills.
  • Position may require traveling for short periods.

Benefits

Comp & perks
  • Health insurance
  • 401(k) matching
  • Paid time off
  • Professional development opportunities
  • Flexible work arrangements

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
  • IT security
  • IT compliance
  • IT risk management
  • ISO27001
  • SOC2
  • HIPAA
  • HITRUST
  • GDPR
  • CCPA
  • Disaster Recovery (DR) and Business Continuity Planning (BCP)
Soft Skills
  • analytical skills
  • problem-solving skills
  • troubleshooting skills
  • time management skills
  • written communication skills
  • verbal communication skills
  • ability to prioritize tasks
  • ability to execute tasks under pressure