IT Security Risk and Compliance Analyst

Overview & Responsibilities

PURPOSE OF THE JOB

The IT Security Risk & Compliance Analyst is ideal for someone passionate about cybersecurity, risk management, and continuous improvement. This entry-level role is an excellent opportunity for a recent graduate or early-career professional to gain hands-on experience in the fields of IT security, risk management, and compliance.

The position will play a key role in supporting audits, maintaining security policies, conducting risk assessments, and coordinating cybersecurity awareness initiatives across the organization. The analyst will support audit activities, help maintain security policies, conduct risk assessments, and contribute to employee security awareness initiatives.

BACKGROUND and EXPERIENCE

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Foundational knowledge of cybersecurity principles, risk management, and compliance frameworks (e.g., NIST, ISO 27001)
• Strong attention to detail and documentation skills
• Excellent written and verbal skills
• Ability to work effectively with both technical and non-technical stakeholders.
• Exposure to audit, compliance, and/or GRC tools
• Familiarity with data protection regulations (e.g., GDPR, JSOX, HIPAA)
• Self-motivated and willing to take direction from more experienced team members and aptitude toward details.  
• Ability to work in a high-pressure environment.  
• Willingness to work in a teaming, collaborative environment.  

SPECIFIC JOB RESPONSIBILITIES/COMPETENCIES

Auditing and Compliance

• Assist in the preparation and coordination of internal and external IT audits (e.g., JSOX, SACS-002, Internal Controls, ISO, User Audits, software reviews)
• Gather and maintain evidence for compliance reviews and control testing
• Monitor and follow up on audit findings and remediation efforts
• Maintain documentation of controls, policies, and procedures
• Ensure applications are compliant with industry security standards and best practices.

Policy Maintenance

• Help develop, review, and update IT security policies and standards
• Track policy review schedules and ensure timely updates
• Coordinate with stakeholders to ensure policies align with business and regulatory requirements
• Assist in communicating policy changes across the organization

Risk Assessments

• Support periodic IT risk assessments
• Identify, document, and track potential risks and mitigation plans
• Maintain risk registers and dashboards
• Work with system and process owners to understand control gaps.

Security Awareness and Training

• Assist in delivering IT security awareness programs and campaigns (e.g., phishing simulations, Cybersecurity Awareness Month, and regular training opportunities)
• Track employee training completion and metrics
• Help maintain awareness content (email templates, posters, intranet content)
• Respond to basic employee inquiries about cybersecurity best practices

Equal Employment Opportunity

Ebara Elliott Energy is an equal employment opportunity/affirmative action employer and does not discriminate on the basis of race, color, religion, sex, national origin, age, marital status, genetic information, disability, veteran status, or any other characteristic protected by the federal, state or local laws of the United States. Applicants and employees are protected under U.S. federal law from discrimination. To learn more, click here.

Pay Transparency Nondiscrimination Provision
Ebara Elliott Energy follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision. To learn more, click here.

To learn more about our Job Applicant Privacy Notice, please click here.

No agency submissions please. NOTE: Resumes submitted to any Ebara Elliott Energy employee without a current, signed and valid contract in place with the Ebara Elliott Energy recruiting team will become the property of Ebara Elliott Energy and no search fees will be paid.