Senior Analyst, IS Governance and Compliance

Responsibilities

• Governance & Compliance
• Lead and coordinate internal and external audits, including SOC examinations and regulatory assessments
• Manage compliance with applicable regulations and frameworks (e.g., SOC 1/2, HIPAA, CCPA, NYDFS 500, GLBA)
• Develop, maintain, and enhance information security policies, standards, and procedures
• Ensure compliance artifacts and documentation are accurate, current, and audit‑ready
• Report status updates completely, accurately, and timely manner.
• Maintain subject matter expertise and demonstrate superb critical thinking skills to ensure audit, assessments, and questionnaires are effective and efficient
• Advocate and champion information security practices
• Execute security control maturity assessments using interviews, documentation reviews, and evidence analysis
• Support implementation and continuous improvement of control frameworks such as NIST, ISO 27001, CIS, or COBIT
• Conduct periodic internal assessments for security risk and compliance
• Perform other essential duties as assigned
• Stakeholder Engagement
• Collaborate with IT, security, legal, privacy, procurement, and business teams across the enterprise
• Communicate security and compliance requirements to stakeholders with varying levels of technical expertise
• Provide clear, concise status reporting to management
• Foster strong working relationships and serve as a subject‑matter resource for G&C‑related inquiries
• Serve as a subject‑matter resource for G&C‑related inquiries
• -

Requirements

• Experience working with auditors
• Project management skills for managing multiple complex activities
• Strong organizational skills with the ability to thrive in a sense-of-urgency environment, leveraging best practices, and approaching any problem as a team player with a can-do attitude
• Knowledge of controls frameworks and applicable regulatory compliance mandates (e.g., NIST, CIS CSC, COBIT, CCPA, HIPAA, GLBA, SOC 1 Type 2, MAR)
• Conduct research in keeping abreast of regulations and the latest security issues
• Knowledge to evaluate, build, and optimize security program elements as assigned (e.g., logical access control, application security, vendor risk management, network security, privacy)
• Strong written and verbal communication skills and ability to interface with all levels of business and executive leadership
• Excellent analytical, problem-solving, and decision-making skills, applied with a solution-focused attitude
• Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism
• Bachelor's degree in Information Security, Information Technology, Risk Management, or a related field (or equivalent experience)
• 5+ years of experience in information security governance, risk management, audit, or compliance
• Certifications such as CISA, CISM, CISSP, CRISC, CIPP, or GIAC or equivalent professional certifications
• Strong working knowledge of security and privacy frameworks and regulatory requirements
• Experience supporting or leading internal and external audits
• Excellent analytical, written, and verbal communication skills
• Experience with GRC platforms (e.g., Archer, ServiceNow GRC, or similar tools)
• #LI-AM1
• #LI-HYBRID
• JM FAMILY IS PROUD TO BE AN EQUAL OPPORTUNITY EMPLOYER

Additional Information

The Senior Information Security Governance & Compliance (G&C) Analyst at JM Family Enterprises plays a key role in supporting and maturing the organization's information security governance and compliance program. This position is responsible for supporting compliance initiatives, executing and coordinating audits, performing security control assessments, and partnering with business and technology stakeholders to ensure adherence to regulatory, contractual, and internal security requirements. The Senior Information Security G&C Analyst serves as a trusted advisor to control owners, helps operationalize security controls across the enterprise, and provides stellar customer service to stakeholders. This role will report to the Governance, Risk, and Compliance and Offensive Security Manager and support the Information Security department to provide the highest quality assurance program to our customers. This is an onsite/hybrid role (3 days/week) from our Deerfield Beach office in South Florida.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at jmfamily? Share your experience