IT Risk and Compliance Analyst
US-GA-Atlanta
Rollins Careers
Req #: 37868
Type: Regular Full-Time
|
|
|||||||
|
||||||||
Overview: Ready for your next challenge? We are seeking top talent to join the Cyber Security team!! We are seeking a dedicated and detail-oriented IT Risk and Compliance Analyst specializing in Governance, Risk, and Compliance (GRC) and Cybersecurity to join our growing team. This role is responsible for identifying, assessing, and mitigating organizational IT risks, including third-party risks. The ideal candidate will have experience managing organizational risks, overseeing third-party relationships, and ensuring that security controls are effectively integrated into these partnerships to protect the organization's sensitive data systems. Apply in minutes with a resume, even from your mobile! Responsibilities: You Will be responsible for... * Third-Party Risk Assessment: Conduct comprehensive risk assessments of third-party vendors and service providers, evaluating their security posture, policies, procedures, and controls. Identify any vulnerabilities and work with stakeholders to ensure proper mitigation plans are in place. * Due Diligence & Vendor Evaluation: Support the due diligence process by evaluating the security and compliance frameworks of potential vendors. Ensure vendors meet the organization's security standards and regulatory requirements before formal agreements are made. * Risk Assessment & Analysis: Identify and evaluate security risks related to information systems, applications, and data. Perform risk assessments to determine the likelihood and impact of potential threats. * Risk Mitigation: Collaborate with cross-functional teams to develop, implement, and monitor risk mitigation strategies, including technical controls, process improvements, and security policies. * Security Compliance & Audits: Ensure compliance with security frameworks (e.g., NIST, ISO 27001) and relevant laws (e.g., GDPR, HIPAA, SOX). Support internal and external security audits. * Reporting & Documentation: Create and maintain comprehensive risk assessment reports, dashboards, and documentation to track and communicate security risk status to senior management. * Continuous Monitoring & Reporting: Continuously monitor third-party vendors' security practices and compliance status throughout the lifecycle of the partnership. Develop and present regular reports to management on third-party risk status and recommended actions. * Collaboration with Business Units: Work closely with procurement, legal, and other business units to integrate security requirements into vendor contracts and agreements. Provide guidance and support to business teams in managing vendor relationships with a focus on security. * Policy & Procedure Development: Develop, review, and update internal policies and procedures related to third-party risk management. Ensure that these align with industry best practices, compliance frameworks, and regulatory requirements. The Benefits. . . * Challenging position with a financially stable and reputable company * Comprehensive benefits package including medical, dental, vision, maternity & life insurance * 401(k) plan with company match, employee stock purchase plan * Teammate discounts, tuition reimbursement, dependent scholarship awards * Paid Time Off * Work Environment: This opportunity is remote once onboarded and trained. Must reside in GA. Why Rollins? Rollins, Inc., is a global consumer and commercial service company who provides accurate, comprehensive, and efficient pest management services for both residential and commercial customers. The Pest Management industry is $20B and growing and provides services and protection against termite damage, rodents, and insects to more than 2M customers in the US alone. Rollins is headquartered in Atlanta, GA and has over 800 locations worldwide, 20,000 teammates and reaches over $3.5B Revenues annually (NYSE: ROL). The core business is operated through our wholly owned subsidiaries, the largest companies include Orkin US, HomeTeam Pest Defense, Clark Pest Control, Fox Pest Control, Orkin Canada, Western Pest Services, Northwest Exterminating and TruTech Wildlife. The mission of Rollins is to empower our brands to focus on best serving their teammates and customers. Learn more about Rollins careers as well as our diversity, equity and inclusion efforts on our Careers Page Qualifications: The Experience You Will Bring (Minimum Requirements): * Bachelor's degree in Information Security, Cybersecurity, Risk Management, related field or equivalent experience * Certified Information Systems Security Professional (CISSP), Certified Information Security Assessor (CISA), or Certified in Risk and Information Systems Control (CRISC) * Other relevant certifications like CISM (Certified Information Security Manager), GIAC Certified Incident Handler (GCIH), or Payment Card Industry Qualified Security Assessor (PCI QSA) are a plus * Minimum of 2-4 years of experience in Information Security, Risk Management, or IT auditing with a focus on third-party risk management * Experience with third-party risk management tools (e.g., RSA Archer, ServiceNow, OnSpring, etc.) * Experience with risk assessment methodologies and risk management best practices Skills and Competencies: * The ideal candidate will have strong knowledge of risk management, regulatory requirements, and security controls, as well as a track record of supporting GRC programs * Solid knowledge of security frameworks and standards (e.g., NIST, PCI, ISO 27001, SOC 2, GDPR, etc.) * Familiarity with risk management tools and platforms * Strong understanding of regulatory and compliance requirements related to third-party security * Excellent analytical and problem-solving skills * Ability to communicate complex security concepts effectively to both technical and non-technical stakeholders * Strong interpersonal skills and the ability to collaborate with cross-functional teams * Ability to work independently and in a team environment Key Attributes: * Analytical Thinking. An ability to assess and break down complex situations to identify risks and vulnerabilities in IT systems * Attention to Detail. Ensuring that no risk is overlooked, and every component is examined for potential weaknesses * Problem-Solving Skills. Capable of developing solutions to address identified risks or challenges in systems and operations * Strong Communication Skills. Effectively communicates risks, findings, and recommendations to technical teams, management, and stakeholders * Technical Knowledge. Familiarity with IT infrastructure, systems, and security protocols, such as firewalls, encryption, networks, and cloud technologies * Critical Thinking. Ability to evaluate the potential impact of risks and assess them from different perspectives before making recommendations * Proactive Mindset. Ability to foresee potential risks and take preventive measures before issues arise * The IT landscape is constantly changing. A good IT risk analyst must stay flexible and able to adjust strategies or solutions based on evolving threats and technology * Collaboration and Teamwork. Often working with cross-functional teams, it's important to be a team player, whether in incident response, risk assessments, or solution implementation * Knowledge of Risk Management Frameworks. Understanding risk management methodologies, such as ISO 27001, NIST, or FAIR, and how to apply them effectively * Ethical Integrity. Handling sensitive information and making decisions that align with ethical standards and company policies * Stress Management. IT risk analysts sometimes face high-pressure situations, especially when dealing with vulnerabilities or breaches. Staying calm and focused is essential * Continuous Learning. Staying current with new threats, emerging technologies, and evolving best practices in cybersecurity and risk management * Business Acumen. Understanding the business implications of IT risks and how they relate to the overall goals and objectives of the
Share this job:
