Risk and Compliance Analyst, Information Security Governance

Information Technology New York, New York


The Risk and Compliance Analyst will be an innovative, self-driven team player who will be able to educate, provide guidance, and help drive a risk appreciation for information security and compliance throughout the company. This individual is a business partner and enabler who is seen as a trusted adviser and partner for various departments (Legal, Finance, Internal Audit, IT, Business Units, etc.) and teams.


  • Provide support to the governance risk and compliance management program to achieve certifications such as ISO 27001/27002, HiTRUST, NIST, PCI-DSS and others as appropriate

  • Conduct security risk assessments across the organization, rank security risks, articulate risk in terms of business impact, and suggest reasonable strategies to mitigate risks.

  • Liaise closely with j2 Global Internal Audit team, business leaders, external auditors and customers.

  • Conduct acquisition target and vendor security risk assessments, provide risk based recommendations to the organization, and evaluate the company’s risk posture.

  • Serves as a company representative with prospects, customers, and partners by assisting with completing security questionnaires, assessments and audits

  • Provide Information Security consulting and security awareness education to the business

  • Develop, maintain, and enforce strong information security policies, procedures, and position papers


  • 5 to 10+ years in IT Systems/Information Assurance experience with a Bachelors preferred.

  • Demonstrated experience working with regulatory requirements and standards (PCI-DSS, SOC, HIPAA, ISO, BSI, GDPR etc.) and frameworks (ISO, NIST, OWASP, etc.).

  • The ability to communicate complex security risks to non-technical staff

  • Strong work ethic, attention to detail, and organizational skills

  • Ability to multi-task and manage priorities in a fast-paced environment

  • Ability to collaborate in a team setting, as well as work independently

  • Relevant certification(s) are preferred (e.g. CRISC CISSP, CISM, CISA, CCSK)

  • Big-4/Consulting experience is preferred
  • Experience with on prem and Cloud environments preferred.

  • Willingness and ability to travel domestically and internationally when needed