Job Specifications
*this is with our Fortune 500 3PL Client
*DIRECT HIRE -- 120-130k
*Remote (EST Working Hours)
*W2 ONLY
The Senior Information Security Risk & Compliance Analyst will be responsible for supporting the security direction of the business and elevating the company's security posture. The Analyst is expected to support the security strategy within new and existing information systems capabilities. The Analyst's role lies within the Chief Information Security Officer's organizational structure, reporting to the Manager of Information Security Governance, Risk and Compliance. The role oversees the business' security requirements and obligations mandated by standards and regulations. In tandem with security leadership, the GRC security analyst consistently assesses and validates the assurance of the security program. As a primary point of contact for internal and external auditors, the GRC security analyst monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the security team, the GRC security analyst must focus on strong risk management and corporate resiliency, and not be driven solely by compliance.
Required Skills & Experience
-7+ years of experience of experience with technology risks, governance, IT risk management, compliance, information security, or privacy programs required.
- Strong experience with cybersecurity and information security frameworks (e.g., NIST CSF, ISO/IEC 27000).
- Experience with major regulatory and security/privacy standards (SOX, HIPAA, GDPR, PCI‑DSS).
- Knowledge of information security risk and IT controls frameworks (ISO/IEC 27005, COBIT, OCTAVE).
- Strong written and verbal communication skills with the ability to explain complex topics clearly to diverse audiences.
- Able to influence stakeholders, collaborate across teams, and maintain professional relationships at all organizational levels.
- Effective meeting facilitation skills and ability to gather and communicate requirements efficiently.
- Strong analytical skills with the ability to identify, assess, and communicate risk.
- Sound judgment and decision‑making skills; able to weigh options and recommend appropriate actions.
- Ability to analyze, organize, and systematize data and documentation accurately.
Day to Day Responsibilities:
Conduct enterprise-wide security risk assessments, identify program gaps, and support remediation to reduce organizational risk.
Maintain and improve the ISO 27001–aligned ISMS; coordinate documentation, audits, and compliance activities across teams.
Perform third‑party security risk assessments, deliver findings to stakeholders, and support contract reviews for security and privacy requirements.
Develop, track, and analyze security and compliance metrics; report program performance to security and business leadership.
Design and document IT general controls; coordinate internal/external audits, manage remediation of findings, and support SOC, ISO, and PCI certifications.
Coordinate accurate and timely responses to customer security questionnaires and maintain a repository of requirements.
Contribute to the development and lifecycle management of security policies, standards, and procedures in collaboration with cross‑functional partners.
About the Company
Insight Global is an international professional services and staffing company specializing in delivering talent and technical solutions to Fortune 1000 companies across the IT, Non-IT, Healthcare, and Engineering industries. Fueled by staffing and talent experts, Evergreen, our professional services brand, brings technical advisors and culture consultants to help customers tackle their biggest challenges. With over 70 locations across North America, Europe, and Asia, and global staffing capabilities in 50+ countries, our tea...
Know more