FreshRemote.Work

Risk and Compliance Analyst

Remote USA, US

We are seeking a highly skilled and detail-oriented Risk and Compliance Analyst to join our team. The ideal candidate will have an understanding of risk management principles, compliance, and auditing within a public cloud SaaS environment, and will play a key role in evaluating and assessing risks associated with internal processes and third-party risk management, ensuring that operations adhere to relevant regulatory requirements, internal policies, and best practices for risk management. This role involves auditing public cloud environments, assessing security controls, managing vendor risks, and supporting sales enablement efforts to ensure adherence to security and compliance standards.

As a Risk and Compliance Analyst, you will support the development, implementation, and monitoring of the organization's risk management and compliance programs. You will work closely with internal teams, including Legal, HR, Security, Engineering, IT, and other relevant stakeholders, to help the organization identify, assess, and mitigate risks and to ensure adherence to industry regulations and compliance frameworks. Your role will involve evaluating security and IT controls, identifying potential risks, and assisting in the development of mitigation strategies to reduce the organization's risk exposure.

All employees are responsible for understanding and adhering to the organization's security and privacy policies, procedures, and standards. As part of your role, you are expected to protect the confidentiality, integrity, and availability of information and systems within your scope of responsibility. You are expected to participate in required security and privacy training and to ensure best practices are applied in all work activities.


Key Responsibilities:

  • Assist in conducting regular risk assessments to evaluate potential threats, recommend appropriate mitigation strategies, and report on risk status to management.
  • Evaluate, assess, and maintain compliance with industry-recognized standards such as SOC 2, ISO 27001, HITRUST, NIST 800-53, and other relevant frameworks.
  • Help develop and document controls to mitigate risks and monitor the effectiveness of existing controls through regular testing.
  • Assist in the development, review, and update of compliance policies, procedures, and standards.
  • Collaborate with stakeholders to address compliance gaps and implement corrective actions.
  • Conduct thorough risk assessments of existing and potential vendors, ensuring that third-party vendors adhere to the organization's security requirements.
  • Provide support to sales teams by addressing client inquiries related to security and compliance requirements, including completing security questionnaires and assisting in RFP responses.

Qualifications and Experience:

  • Bachelor’s Degree in Information Security, Computer Science, Risk Management, or a related field.
  • 3+ years of experience in vendor risk management, cybersecurity compliance, or IT auditing, preferably within SaaS or cloud technology.
  • Experience in assessing and managing risks, including IT and security risks.
  • Understanding of, and experience auditing against, information security standards (e.g., NIST 800-53, ISO 27001, SOC 2) and regulatory requirements (e.g., GDPR, HIPAA).
  • Experience in public cloud audit (AWS, Google, Azure, etc.).

Skills and Certifications:

  • Knowledge of information security standards, regulatory requirements, and best practices.
  • Familiarity with governance, risk, and compliance (GRC) management tools and platforms (e.g., Vanta, RSA Archer, AuditBoard) preferred but not required.
  • Ability to perform risk assessments and data analysis to identify potential risks and vulnerabilities.
  • Strong attention to detail and critical thinking skills.
  • Excellent English written and verbal communication skills, with the ability to explain complex technical issues to non-technical stakeholders.
  • Strong organizational and project management skills, with the ability to prioritize and manage multiple tasks effectively.
  • Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or similar certifications are a plus.

Why Exterro?

  • Impact: Play a key role in a company at the forefront of data risk management, helping businesses safeguard their data in an increasingly complex digital world.
  • Growth Opportunity: Join a rapidly growing organization where you can shape and influence revenue operations and product pricing strategy.
  • Culture: Work in an innovative, inclusive, and collaborative environment, where your contributions are valued, and your professional development is supported.

Exterro participates in E-Verify and is a drug-free workplace. All employment offers are contingent upon the successful passing of a background check.

We believe in the importance of pay transparency and strive to create a fair and equitable workplace for all employees. As a remote-first organization, our compensation reflects the cost of labor across several US geographic markets. The salary range for this remote position is $75,000-$95,000 per year, based on skills, experience, and qualifications. The actual offer will be based on the individual candidate. Exterro is a total compensation company, and this role may be eligible for variable pay, equity, bonus, and/or other forms of compensation as part of the package. In addition, we offer a comprehensive benefits package that includes health insurance, retirement plans, flexible paid time off, and more.

Candidates are encouraged to discuss their salary expectations during the interview process. We are committed to ensuring that compensation aligns with market standards and is commensurate with the responsibilities of the role.