Senior Security Compliance Analyst

About the Role

Impact you will make

The Senior Cybersecurity Risk Analyst will embrace risk management best practices to ensure FinThrive, its software solutions, and infrastructures adhere to contractual, regulatory, and policy requirements. As a member of the Information Security team, you will support risk management oriented and compliance driven activities in coordination with our GRC, Software Development, Cloud Operations, and Product Management teams.

What you will do

• Security Compliance Coordination




• Lead collaborative engagement with technical and non-technical teams to provide guidance and oversight in maintaining compliance with NIST 800-171 and specific FAR clauses
• Partner with internal control owners, including technical subject matter experts, to ensure alignment with policies, requirements, and regulations
• Ensure the effectiveness of risk management controls through rigorous monitoring and documentation support for both internal and external audits
• Leverage GRC software to facilitate tracking of control compliance and identified risks




• Policy & Documentation




• Lead the annual security policy review and update process
• Ensure appropriate documentation (procedures, SSPs, etc.) is developed to support regulatory, contractual, and policy requirements




• Security Awareness Training




• Participate in advancing FinThrive's Security Culture and Behavior Awareness program through formal and informal training sessions




• Security Risk Management




• Shape the evolution of our risk management program, helping build and refine processes that scale with our growing organization
• Perform risk assessments, identify gaps, and ensure findings/metrics are communicated for leadership visibility
• Propose recommendations and proactively advise as we embrace continual improvement of the information security program
• Perform various other duties or special projects as requested based on department objectives

What you will bring

• Bachelors Degree in Business Administration, Information Systems, or similar
• 6+ years of experience in an information security role
• Experience establishing, monitoring, and improving security or compliance programs
• Experience with NIST 800-53, 800-171, FAR, or FedRAMP
• In depth knowledge of cybersecurity, regulatory governance, and IT security practices
• Relevant professional certification (e.g. CISA, CISSP, CRISC, or similar)
• Experience with GRC software (Archer, OneTrust, Drata, etc.)
• Demonstrated ability to define issues, collect data, establish facts and draw valid conclusions
• Demonstrated ability to prioritize multiple tasks and meet deadlines with supervision
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one

What we would like to see

• Prior experience in healthcare and expertise with HIPAA or HITRUST
• Experience identifying and assessing risk of cloud computing platforms (Azure preferred)
• Experience working for technology companies or SaaS providers