Cybersecurity Risk & Compliance Specialist

Cybersecurity Risk & Compliance Specialist

Overview / Summary
We are seeking a Cybersecurity Risk & Compliance Specialist to review cybersecurity laws and policies, analyze their impact on the organization, and support security policy, controls, and third-party risk management activities. This role is responsible for monitoring compliance risk and vulnerabilities, advising on security controls for globally deployed IT infrastructure, and leading regulatory cybersecurity assessment and questionnaire activities. This position is hybrid and requires 4 days per week onsite.

Key Responsibilities

• Review cybersecurity laws, policies, and initiatives and analyze their impact on the organization
• Develop security policies and procedures
• Drive development of technical solutions to implement policies
• Manage third-party security risk program activities, including risk standards and processes
• Advise on, review, and help ensure security controls and their efficiency for IT infrastructure deployed globally
• Monitor processes for compliance risk and vulnerabilities and escalate non-compliance issues to key stakeholders
• Advance company policy priorities on cybersecurity, cybercrime, lawful access, encryption, and related issues through legislative proposals, administrative actions, and regulatory actions
• Establish and maintain working relationships with government affairs and public policy representatives of other companies to achieve objectives
• Lead the end-to-end management of regulatory cybersecurity assessments and questionnaires from local, state, and national government entities
• Support strategic consolidation of global IT regulatory requirements
• Act as a subject matter expert for internal teams by providing guidance on IT security, risk mitigation, and control implementation
• Collaborate closely with privacy and compliance attorneys to interpret and execute IT-related regulatory requirements
• Facilitate and support internal and external audits, third-party consulting engagements, and comprehensive risk assessments
• Manage user stories and backlogs within JIRA to maintain transparency and momentum for compliance activities integrated into the broader technology roadmap

Required Qualifications

• Bachelor’s Degree
• 7+ years of experience in a relevant field
• Risk assessment experience
• Risk management experience
• Compliance professional experience
• Auditing experience
• Information security experience
• Ability to perform targeted risk assessments comparing current security posture against requirements mandated by various state agencies
• Ability to evaluate risk of non-compliance and determine whether the organization can meet security standards often found in state-level questionnaires
• Ability to manage the lifecycle of identified security deficiencies
• Ability to facilitate development of remediation plans for identified gaps
• Ability to document compensating controls and articulate the organization’s risk-handling strategy to state regulators
• Ability to serve as the primary interpreter of diverse state cybersecurity regulations and frameworks
• Ability to identify and organize supporting evidence for questionnaire submissions
• Ability to translate complex technical architectures into clear, concise responses for state-level security inquiries