Risk and Compliance Analyst - RCA 25-29001

Job Title:Risk and Compliance Analyst Duration:12 Months Location:100% Remote Position Overview Risk and Compliance Analystis needed to support the implementation of an information security management program. The analyst will work closely with the Unit Information Security Architect and play a key role in aligning the unit s information security strategy with enterprise standards. This role involves developing, maintaining, and implementing comprehensive information security programs to safeguard information systems, ensure compliance, and mitigate risk. The ideal candidate will demonstrate strong project management skills, the ability to coordinate across stakeholders, and a track record of delivering security and compliance initiatives on time. Key Responsibilities • Conducting Risk Assessments • Perform risk assessments of information systems based on unit information security policies. • Developing Risk Mitigation Strategies • Maintain a security risk log and implement prioritized risk mitigation strategies. • Stakeholder Coordination • Engage with stakeholders to conduct risk assessments and implement mitigation actions. • Provide regular program status reports and escalate impediments as needed. • Compliance with Regulations and Policies • Ensure adherence to industry standards, government regulations, and organizational information security policies. • Program Monitoring in Complex Environments • Organize and manage tasks effectively. • Monitor progress in dynamic environments, recommending techniques and methods to achieve results. • Inventory Management • Maintain an up-to-date inventory of all unit information systems.Required Experience & Skills • 5+ years of IT security or information security experience with demonstrated ability to engage senior management and regulators. • 2+ years administering IT security controls. • 2+ years in security incident response (SOC or Security Operations role). • Strong background inrisk assessments, risk management, and compliance(UC IS-3 or ISO 27002 preferred). • Technical knowledge sufficient to conduct risk assessments across infrastructure, applications, and systems. • Excellent communication skills, with the ability to lead effective meetings and engage customer-facing stakeholders. • Strong project management skills with the ability to follow schedules and complete tasks on time. • Experience defining information security strategy and integrating security technologies into enterprise frameworks.Preferred Skills • Knowledge of technical infrastructure, networks, databases, and systems in relation to IT Security and Risk. • Familiarity with security technologies, including: • Logging & Monitoring:SIEM, CASB • Endpoint Security:EDR, AntiVirus, DLP, compliance tools • Network Security:NDR, IPS/IDS, firewalls (traditional and next-gen), cloud security groups, UBA • Data Protection:Encryption, HSM, KMS, DLP • Experience withAzure and AWS cloud services. • Direct experience withUC IS-3is a strong plus.