Job Description
We are looking for an experienced IT Governance, Risk, and Compliance Analyst to join our team in Ames, Iowa. This long-term contract role offers an opportunity to contribute to maintaining and enhancing cybersecurity compliance programs while collaborating with diverse stakeholders and ensuring adherence to industry standards. The ideal candidate will be meticulous, highly organized, and skilled in managing risk and compliance frameworks.
THIS IS A SHORT TERM CONTRACT
THIS WILL BE ONSITE AT CLIENT LOCATION
Responsibilities:
- Develop and implement comprehensive cybersecurity compliance programs aligned with industry standards such as SOC 2 Type 2, ISO 27001, ISO 27701, and NIST 800-53.
- Analyze, define, and communicate security metrics to support informed decision-making across the organization.
- Conduct audits and assessments to ensure compliance with established governance and risk protocols.
- Collaborate effectively with engineering teams, executives, and external vendors to address cybersecurity risks and requirements.
- Manage third-party vendor relationships to ensure alignment with compliance standards and risk management practices.
- Maintain a disciplined approach to tracking and delivering commitments related to internal security supply chains.
- Provide leadership in cross-functional initiatives, fostering clear communication between technical and non-technical stakeholders.
- Stay current with industry trends and standards through certifications, specialized training, and active engagement.
- Handle multiple tasks in a high-pressure environment while maintaining a thorough and methodical approach to responsibilities.
Requirements:
- A minimum of 3 years of experience in cybersecurity governance, risk, and compliance roles.
- Proven expertise in SOC, ISO standards, data governance, and cyber governance.
- Strong understanding of audit principles, separation of duties, and governance frameworks.
- Excellent attention to detail and ability to manage complex responsibilities.
- Proficiency in working with external and third-party vendors in compliance-related matters.
- Demonstrated ability to define and communicate meaningful security metrics.
- Commitment to ongoing development through certifications and training.
- Exceptional interpersonal skills for effective collaboration with technical and non-technical teams.