Rightway

Senior Security Analyst

full-time

Location Type: Remote

Location: United States

Salary

💰 $120,000 - $145,000 per year

About the role

  • Coordinate and execute recurring GRC tasks such as quarterly access reviews, audit evidence collection, and risk register reconciliation.
  • Document and track completion of control activities and escalate issues where needed.
  • Assist with internal and external audits, ensuring timely and complete evidence collection and review.
  • Collaborate with Sales, Legal, and Product teams to lead responses for customer security questionnaires and RFPs, progressively owning more complex requests as your experience deepens.
  • Maintain and continuously improve a centralized repository of commonly requested security documentation and artifacts (e.g., SOC 2, SIG, CAIQ).
  • Work closely with a broad array of business leaders to conduct initial and periodic vendor risk assessments, ensuring that third parties meet Rightway's security and compliance standards.
  • Track and follow up on remediation plans and risk treatment for vendors posing unacceptable risk.
  • Enable and support automation and optimization of the vendor risk assessment lifecycle using both AI and traditional tooling.
  • Support the implementation and operationalization of AI risk and governance controls in alignment with ISO/IEC 42001 (AI Management System) and emerging regulatory guidance, e.g., CAIA (Colorado AI Act).
  • Monitor AI systems for compliance with ethical and legal standards.

Requirements

  • 3-5 years of experience in information security, GRC, or related disciplines.
  • Familiarity with security compliance frameworks and regulations (e.g., SOC 2, ISO 27001, NIST, HIPAA).
  • Experience responding to security questionnaires and customer due diligence requests.
  • Experience performing vendor security reviews and risk assessments.
  • Strong organizational skills and the ability to manage multiple tasks and deadlines simultaneously.
  • Passionate advocate for governance, risk, and compliance, believing that these are not merely check box activities, but vital tools that significantly improve security posture and protect the organization.
  • Interest in emerging technologies and willingness to develop subject matter expertise in AI risk and compliance.

Benefits

  • Health insurance
  • Professional development opportunities

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

GRC, risk assessments, vendor security reviews, security compliance frameworks, audit evidence collection, control activities, AI risk management, ISO/IEC 42001, SOC 2, NIST

Soft Skills

organizational skills, communication, collaboration, problem-solving, time management, advocacy for governance, attention to detail, ability to manage multiple tasks, passion for compliance, willingness to learn

Certifications

ISO 27001, SOC 2 compliance, NIST certification, HIPAA certification, CAIA certification