CrawlJobs Logo
UC San Diego Logo UC San Diego · IT - Administration

It Security Risk And Compliance Analyst

United States, San Diego 105000.00 - 132000.00 USD / Year · Job Posted May 29, 2026
Apply Position
Job Link Share

Job Description

The IT Security Risk and Compliance Analyst executes processes across the organization to conduct the required IT security risk assessment and compliance program to reduce information security risk, address threats and vulnerabilities to information assets, monitor compliance to policy, and improve the overall security posture of the University. The role performs security risk assessments and internal security audits/reviews, supports external audits and accreditation activities, and operates the governance components of the vulnerability management program. This includes vulnerability analysis, risk based prioritization, remediation tracking, validation of remediation effectiveness, and documentation of risk acceptance where remediation is deferred. The position provides recommendations for security controls and ensures follow through through established governance processes to meet campus policy and regulatory requirements such as HIPAA, PCI, FERPA, and related standards. The incumbent maintains clear, audit ready decision records and evidence artifacts that support internal and external audits, regulatory oversight, and legally mandated information requests. This includes documentation of risk assessments, vulnerability decisions, compensating controls, governance approvals, secure handling of sensitive data, access constraints, and defensible evidence production for legal hold and eDiscovery matters. These activities are required elements of HIPAA compliance and are used to prioritize remediation based on risk, including patient safety and operational resiliency impacts where applicable. Thorough, documented risk assessments and compliance programs are foundational components of the Information Security Program and drive security improvement activities across the organization.

Job Responsibility

  • The IT Security Risk and Compliance Analyst executes processes across the organization to conduct the required IT security risk assessment and compliance program to reduce information security risk, address threats and vulnerabilities to information assets, monitor compliance to policy, and improve the overall security posture of the University.
  • The role performs security risk assessments and internal security audits/reviews, supports external audits and accreditation activities, and operates the governance components of the vulnerability management program. This includes vulnerability analysis, risk based prioritization, remediation tracking, validation of remediation effectiveness, and documentation of risk acceptance where remediation is deferred.
  • The position provides recommendations for security controls and ensures follow through through established governance processes to meet campus policy and regulatory requirements such as HIPAA, PCI, FERPA, and related standards.
  • The incumbent maintains clear, audit ready decision records and evidence artifacts that support internal and external audits, regulatory oversight, and legally mandated information requests. This includes documentation of risk assessments, vulnerability decisions, compensating controls, governance approvals, secure handling of sensitive data, access constraints, and defensible evidence production for legal hold and eDiscovery matters.

Requirements

  • Seven (7) years of related experience, education/training, OR a Bachelor’s degree in related area plus three (3) years of related experience/training. Related experience: experience performing security risk assessments and/or internal security reviews to ensure that security controls meet policy and/or regulatory requirements, including evaluating control design and effectiveness. This may include experience in areas such as IT security risk and compliance (GRC), IT audit, vendor/third-party risk assessments, security consulting or assessment roles, or technical security roles with responsibility for evaluating control effectiveness and producing audit-ready documentation.
  • Ability to follow department processes and procedures.
  • Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.
  • Experience using IT security systems and tools.
  • Knowledge of data encryption techniques.
  • Knowledge of other areas of IT, department processes and procedures.
  • Demonstrated skills applying security controls to computer software and hardware.
  • Experience in incident response and digital forensics including data collection, examination and analysis.
  • Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks.
  • Knowledge of computer hardware, software and network security issues and approaches.
  • Demonstrated experience selecting and applying appropriate data encryption technologies.

Nice to have

  • Exposure to vulnerability management programs, including risk based prioritization, remediation tracking, validation of remediation effectiveness, and documentation of risk acceptance.
  • Ability to apply security risk assessment practices to third party/vendor reviews, including evaluation of evidence, identification of risks, and documentation of findings and conditions.
  • Familiarity with legal hold and eDiscovery workflows, including secure handling of sensitive exports and defensible evidence production.
  • Familiarity with external security audits/accreditations and internal security audit/review processes.
  • Comfort operating in regulated environments (healthcare and/or research) and with applicable compliance drivers (e.g., HIPAA, PCI, FERPA, campus policy requirements).
  • Skilled in documenting risk exceptions/acceptances, compensating controls, and governance routing/approvals.
  • Strong cross functional advisory skills with technical and non technical stakeholders.
UC San Diego - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

It Security Risk And Compliance Analyst

8 matching positions

Senior Security & Compliance Analyst

Become a Senior Security & Compliance Analyst for Bloomreach! You will be an ess...
Location
Location
Slovakia , Bratislava; Brno; Prague
Salary
Salary:
3000.00 EUR / Month
bloomreach.com Logo
Bloomreach
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong knowledge of industry compliance requirements and standards
  • Good understanding of SaaS Business
  • Good understanding of Governance, Risk, and Compliance in IT environment
  • Outstanding communication and interpersonal abilities
  • Previous experience as a compliance analyst, compliance officer, compliance manager, or similar position in a related field
  • Advanced analytical abilities
  • Effective research skills
  • Ability to perform under pressure
  • Experience with ISO security standards
  • Experience with SOC auditing
Job Responsibility
Job Responsibility
  • Perform periodic audits on company procedures and processes and report on the organization’s compliance
  • Identify, analyze, and resolve compliance issues
  • Support the sales process by completing RFPs
  • Ensure that all policies and standards are regularly reviewed and up-to-date
  • Keep the company’s process mapping and responsibilities structure chart up to date
  • Develop and update existing compliance policies and related documentation
  • Proactively research to stay up-to-date with regulations and rules
  • Communicate regulations to internal and external parties
  • Assist with management review preparation
  • Communication with clients across various regions (EMEA, US)
What we offer
What we offer
  • Restricted stock units
  • Company performance bonus
  • Great deal of freedom and trust
  • Flexible working hours
  • Virtual-first work with several Bloomreach Hubs
  • Company events
  • 5 paid days off to volunteer
  • People Development Program
  • Communication coach
  • Leader Development Program
  • Fulltime
Read More
Arrow Right

Senior Security & Compliance Analyst

Become a Senior Security & Compliance Analyst for Bloomreach! You will be an ess...
Location
Location
Czechia , Bratislava; Brno; Prague
Salary
Salary:
Not provided
bloomreach.com Logo
Bloomreach
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong knowledge of industry compliance requirements and standards
  • Good understanding of SaaS Business
  • Good understanding of Governance, Risk, and Compliance in IT environment
  • Outstanding communication and interpersonal abilities
  • Previous experience as a compliance analyst, compliance officer, compliance manager, or similar position in a related field
  • Advanced analytical abilities
  • Effective research skills
  • Ability to perform under pressure
  • Experience with ISO security standards
  • Experience with SOC auditing
Job Responsibility
Job Responsibility
  • Perform periodic audits on company procedures and processes and report on the organization’s compliance
  • Identify, analyze, and resolve compliance issues
  • Support the sales process by completing RFPs
  • Ensure that all policies and standards are regularly reviewed and up-to-date
  • Keep the company’s process mapping and responsibilities structure chart up to date
  • Develop and update existing compliance policies and related documentation
  • Proactively research to stay up-to-date with regulations and rules
  • Communicate regulations to internal and external parties
  • Assist with management review preparation
  • Communication with clients across various regions (EMEA, US)
What we offer
What we offer
  • A great deal of freedom and trust
  • Flexible working hours
  • Virtual-first work with several Bloomreach Hubs
  • Company events
  • 5 paid days off to volunteer
  • People Development Program
  • Communication coach
  • Leader Development Program
  • $1,500 professional education budget
  • Employee Assistance Program
  • Fulltime
Read More
Arrow Right

Security Governance Risk & Compliance (GRC) Analyst

Here at Virtru you’ll help build a cutting edge security compliance program alig...
Location
Location
United States , Washington, DC
Salary
Salary:
130000.00 - 180000.00 USD / Year
virtru.com Logo
Virtru
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of 5+ years of information security, IT audit and/or IT Risk Management, or GRC Analyst/Engineer experience
  • Deep understanding of at least few of the following: CMMC, NIST 800-53 & 800-171, FedRAMP, SOC 2, PCI, and/or other global privacy compliance frameworks
  • Technical acumen. Strong understanding of modern cloud technologies (AWS, GCP, Azure, etc.) and familiarity with GRC tools (Hyperproof, Vanta, Drata, etc) and SIEM tools (Datadog, Splunk)
  • You’re a relationship builder and have worked with both business and technical risk and understand how to translate risk to various levels of the organization
  • Have experience training and coaching teams to become better security and privacy practitioners
  • Like working on an autonomous agile team
  • Ability to resolve conflicts and drive issues to completion
  • Work independently with little or no supervision while maintaining a high level of efficiency
  • Hands on experience deploying and managing vulnerability scanning/cloud security posture management tools (Wiz, Prismacloud, etc.) to meet security compliance requirements
  • Real-world IR experience participating on security On-Call teams
Job Responsibility
Job Responsibility
  • Manage and implement complex controls frameworks for large systems, consisting of Cloud infrastructure and Software as a Service (SaaS) services (GCP, AWS, GitHub, Okta, etc)
  • Design and develop automation solutions for evidence collection across Cloud infrastructure, endpoints, and SaaS services
  • Conduct risk assessments across business units and processes. Identify risk findings and recommend remediation and risk mitigation strategies
  • Assist or implement automated controls to support risk mitigation efforts across various business units with stakeholders
  • Incorporate CMMC certification into Virtru’s slate of compliance assessments and ongoing monitoring activities (FedRAMP, SOC 2, PCI)
  • Facilitate the third-party vendor on-boarding and annual review process by evaluating the security of current and prospective partners
  • Participate in incident response (IR) activities, providing risk analysis and remediation support as needed
  • Enhance the team with your individualism, spirit, and love of learning
What we offer
What we offer
  • A Flexible PTO policy
  • A $1,500 annual Learning & Development Stipend
  • Frequent company-sponsored team celebrations
  • Access to an Employee Assistance Program
  • Access to Headspace, a mental health app
  • A flat 3% contribution to your retirement account
  • A high degree of flexibility
  • Competitive compensation
  • Generous parental, medical, and bereavement policies
  • 401K contribution and stock options
  • Fulltime
Read More
Arrow Right

Senior Governance, Risk and Compliance Analyst - Governance

Come join the company that is reinventing cloud security and empowering business...
Location
Location
Netherlands
Salary
Salary:
Not provided
wiz.io Logo
Wiz
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in one or more of the Governance, Risk, and Compliance domains
  • Passion for security and keeping Wiz safe
  • Ability to collaborate with technical and non-technical teams alike to further oversight responsibilities of Security
  • Deep knowledge of one or more industry frameworks such as ISO 27001, ISO 27017, SOC 2, PCI DSS, NIST CSF, etc. and baseline knowledge of others
  • Ability to assist with security compliance assessments to ensure compliance with internal and external requirements (ISO, NIST, CIS, etc.)
  • Experience working in a fast-paced tech environment both independently, and collaboratively within a team environment
  • Ability to build strong relationships across teams and functions in a global workplace
  • Applicants must have the legal right to work in the country where the position is based, without the need for visa sponsorship
Job Responsibility
Job Responsibility
  • Design and update policies, procedures, and controls to drive confidentiality, integrity, and availability across the Wiz environment
  • Continuously improve processes, tools, and procedures for audit and compliance management
  • Collaborate and work cross-functionally across the company to address governance and compliance needs and to support the Wiz Control Framework, partnering with Engineering, Product, Sales, Legal, HR, and other teams
  • Proactively improvement control design and performance to address a changing risk landscape
  • Deliver timely audits through working with internal and external auditors
  • Help customer-facing teams respond to information security requirements and questionnaires
  • Assist with third party risk management reviews, assessing vendor’s security, compliance, and privacy posture
  • Participate in team project management, including documentation, project planning, task management, and prioritization
  • Participate in recurring annual core audits (e.g., SOC 2, ISO, PCI)
  • Maintain awareness of security and regulatory trends, perform research and analysis on new certifications, and help Wiz pursue new international compliance initiatives
Read More
Arrow Right

Risk & Information Security Associate Analyst

We are looking for a highly organized, detail-oriented Risk & Information Securi...
Location
Location
Cyprus , Nicosia
Salary
Salary:
Not provided
www-ap.albourne.com Logo
Albourne
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2–3 years of professional experience
  • Excellent organizational skills with the ability to manage multiple workstreams and meet deadlines in a dynamic environment
  • Strong written and verbal communication skills, including the ability to prepare concise, well-structured documents and interact professionally across all levels of the business
  • Meticulous attention to detail, particularly in preparing audit materials, compliance documentation, and reviewing access controls
  • Proactive and self-motivated, able to work independently and across time zones without direct daily supervision
  • Comfortable handling sensitive and confidential information with discretion
  • Interest in technology, cybersecurity, and enterprise risk
  • Basic understanding of information security principles and frameworks (e.g., ISO 27001, NIST)
  • Ability to interpret and work with structured information (e.g., policies, risk registers, audit plans)
  • Capable of coordinating inputs from multiple stakeholders and compiling them into coherent outputs (e.g., committee papers, training summaries, client DDQs)
Job Responsibility
Job Responsibility
  • Monitor and report on the effectiveness of information security controls
  • Support the identification, tracking, and resolution of security incidents or weaknesses
  • Assist in maintaining security metrics and dashboards for internal reporting
  • Contribute to the assessment of operational, technology, and third-party risks
  • Assist in evaluating controls and proposing mitigation strategies aligned with risk appetite
  • Participate in internal audits and control testing, ensuring timely remediation of findings
  • Help maintain and enforce security and risk management policies and procedures
  • Support compliance with relevant data protection, privacy, and information security regulations
  • Coordinate periodic user access reviews and assist with awareness initiatives
  • Work across departments to gather risk-related information and support secure business operations
What we offer
What we offer
  • Support for professional qualifications (such as CFA and CAIA)
  • Career growth and tools for ongoing learning and development
  • Medical insurance for you and your dependents
  • Provident fund
  • Yearly bonus dependent upon performance and company growth
  • Opportunity for international travel (i.e., short periods of secondment to other Albourne offices)
  • 5 additional service recognition holidays in surplus to standard annual leave
  • Albourne Training Days (minimum of 40 hours per year)
  • Free office parking
  • A supportive, diverse, and multi-cultural work environment
  • Fulltime
Read More
Arrow Right

Senior Information Security Compliance Analyst

We're looking for a technically grounded Senior IS Compliance Analyst who speaks...
Location
Location
United States , Chicago
Salary
Salary:
90000.00 - 130000.00 USD / Year
blumeglobal.com Logo
Blume Global
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Hands-on experience in technical security roles such as Security Operations, Incident Response, Security Analysis, penetration testing, or similar
  • Practical knowledge of security tools, SIEM platforms, vulnerability management, and security monitoring
  • and ability to read and understand security logs, configurations, and technical documentation
  • 6+ years of total experience with significant time in GRC
  • Working knowledge of ISO 27001, NIST frameworks, SOC 1/2, and GDPR requirements
  • Experience developing and implementing information security policies and controls
  • ISO 27001:2022 Lead Implementer and Lead Auditor certification
Job Responsibility
Job Responsibility
  • Lead technical security assessments and integration of acquired companies, mapping their security architectures and controls to our GRC frameworks, identifying gaps, and building remediation roadmaps that address both technical security and compliance alignment
  • Bridge technical security and business stakeholders by evaluating risks through a technical lens, working alongside security engineering teams to translate GRC requirements into practical security measures, and communicating effectively across technical and non-technical audiences
  • Develop and harmonize security policies and control frameworks across acquired entities, ensuring they're both audit ready and operationally sound, while translating between technical security requirements and governance documentation
  • Own customer security questionnaire responses by leveraging your hands-on security background to provide detailed, accurate answers and collaborating with infrastructure, application security, and operations teams to gather technical evidence
  • Drive continuous improvement of our GRC program through technical security enhancements, meaningful security and compliance metrics, and process improvements that increase both control effectiveness and operational efficiency
What we offer
What we offer
  • health and welfare benefits
  • tuition assistance
  • 401K savings and other retirement programs
  • employee assistance programs
Read More
Arrow Right

Governance, risk and compliance technical analyst intern

This is a 10 week internship program that runs from May 27th, 2026 to August 7th...
Location
Location
United States , San Diego; San Francisco
Salary
Salary:
35.00 USD / Hour
gofundme.com Logo
GoFundMe
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Confidently maintain clear and concise communication with colleagues while working in a remote or hybrid environment
  • Inquisitive with a solution-oriented mindset
  • Demonstrate excellent analytical, problem-solving, time-management, and multitasking abilities
  • Passionate about staying current on regulatory changes, industry guidance, and card scheme compliance
Job Responsibility
Job Responsibility
  • Coordinate external auditor requests and facilitate meetings with Information Technology, Engineering Teams, Security and Control Owners
  • Build trust center tiles to communicate internal controls to customers and regulatory bodies
  • Assist in evidence collection for IT control reviews, infrastructure, change management and product releases
  • Assist in building communication portfolios, customer journeys and feedback forms for all audit stakeholders to ensure consistency in reaching audit goals, and note potential opportunities, risks, or complications
What we offer
What we offer
  • Competitive pay and comprehensive healthcare benefits
  • Financial assistance for things like hybrid work, family planning
  • Generous parental leave
  • Flexible time-off policies
  • Mental health and wellness resources
  • Learning, development, and recognition programs
  • Fulltime
Read More
Arrow Right

Security GRC Analyst

Juni is seeking a Security GRC (Governance, Risk, and Compliance) Analyst to pla...
Location
Location
Sweden , Stockholm; Gothenburg
Salary
Salary:
Not provided
juni.co Logo
Juni
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2 to 4 years of experience in information security governance, risk, or compliance roles
  • Demonstrated experience with compliance frameworks and regulations (e.g., PCI DSS, ISO 27001, GDPR, PSD2, EBA outsourcing and DORA)
  • Degree in Cybersecurity or Information Systems or similar
  • Knowledge of security frameworks (e.g., CIS Controls, NIST CSF)
  • Solid understanding of risk assessment methodologies and hands-on experience with risk registers and third-party risk management
  • Experience in coordinating activities for security certifications and audits
  • Ability to develop and track security metrics (KPIs)
  • Strong analytical, problem-solving, and organisational skills
  • Excellent communication skills, comfortable presenting to various stakeholders
  • A proactive and independent worker who is also a strong team player
Job Responsibility
Job Responsibility
  • Maintain and update core security documentation, including policies, procedures, and instructions, ensuring they remain current and relevant
  • Identify, collect, and analyse data to track key security performance indicators (KPIs) and metrics, generating reports and dashboards to communicate security performance to stakeholders
  • Maintain the risk register and support daily risk management activities with growing independence
  • Follow up on the remediation of risks identified in new projects, third-party engagements, and other business initiatives
  • Conduct thorough security posture assessments of new vendors and perform periodic reviews of existing ones
  • Support our 3rd party procurement process
  • Monitor the implementation and effectiveness of security controls across the organisation
  • Coordinate and support activities to maintain key security certifications, including PCI-DSS and ISO 27001
  • Coordinate and support the implementation of remediation plans to address identified compliance gaps
  • Provide support in responding to security-related questions during partner due diligence and assist in providing necessary information for cyber insurance renewals
What we offer
What we offer
  • Work hybrid
  • Meet all Junis IRL at the company onsite each year
  • Diversity is at our core
  • Progress your career whether you choose to manage people or not
  • Stock options
  • Vacation 30 days
  • Private Health insurance
  • Beautiful offices in central Gothenburg and Stockholm, front row sea view
  • Fulltime
Read More
Arrow Right