Infosec Risk and Compliance Analyst

IT & Security Yarmouth, Maine United States


Reporting to the Manager, Information Security Compliance, the Information Security Risk & Compliance Analyst will support the oversight of Tyler’s enterprise compliance with applicable regulations, frameworks, standards and client commitments. In addition, they will play a key role in helping to administer and enforce the core components of the Tyler Technologies Enterprise Information Security Program to ensure the security and integrity of the company’s infrastructure and critical assets. The Information Security Risk & Compliance Analyst will partner with team members across the company to ensure that policies and procedures exist and are effectively executed and enforced.


  • Support the process of standardizing and streamlining annual and ad-hoc information security audits and assessments in compliance with FedRAMP, CJIS, SSAE 18 SOC 1 and SOC 2, and other requirements as necessary
  • Assist in the coordination of third parties to help complete the assessments when relevant
  • Create and update information security policies and procedures and assist with the related security awareness programs to both end users and technical staff
  • Assist in the monitoring and enforcement of compliance with security policies
  • Assist with contract and vendor management issues related to security requirements and projects
  • Assist with oversight and execution of Enterprise Risk and Vendor management procedures
  • Aid in the development, evaluation and implementation of governance and compliance processes to mitigate cybersecurity risk and ensure protection of company assets and information
  • Research and interpret current and pending laws and regulations, industry standards and client and vendor commitments to understand and communicate compliance requirements
  • Consult with business and technical leadership to ensure that data, processes and technology are designed for data protection and compliance
  • Investigate and document information security compliance issues


The Information Security Risk & Compliance Analyst must be able to:

  • Understand information security concepts such as Information Security compliance standards and technical security risk assessment
  • Translate security control language into natural human language to aid in speed and accuracy of implementation
  • Possess knowledge of common information security and privacy frameworks, such as FedRAMP, CJIS, ISO 27001, PCI-DSS, SSAE 18 SOC 2, HIPAA, CCPA, etc.
  • Provide seamless integration to department and company resources
  • Perform process development, consolidation and optimization at an enterprise level
  • Excellent troubleshooting and analytical skills required
  • Bachelor’s degree or equivalent experience
  • Desired but not required certifications include (ISC)2 CISSP, ISACA CISA or equivalent
  • Excellent customer service, organizational, interpersonal and communication skills
  • Ability to prioritize and complete multiple tasks in a fast-paced, technical environment