Cyber Security Analyst (Governance, Risk, and Compliance)

Job Title:

Governance, Risk, and Compliance Analyst

Job Description:

We are seeking a detail-oriented Junior Regulatory Specialist to support compliance initiatives within our Client's cybersecurity and governance team. This role is ideal for professionals looking to develop a career in cybersecurity and compliance, focusing on ISO27001 and SOC2 Type 2 certifications.

About the company:

Our Client is a cybersecurity company specializing in Governance, Risk, and Compliance (GRC). They assist organizations in achieving and maintaining compliance with industry security standards, ensuring data protection and regulatory adherence.

Work Schedule:

• Part-time (20 hours per week).
• Flexible hours, with at least one daily check-in.

Responsibilities of the role:

• Stay up-to-date with applicable InfoSec, PHI, and privacy regulations across North America, Europe, and Israel.
• Develop and maintain strong working relationships with internal teams, particularly InfoSec and Privacy.
• Maintain up-to-date ISMS procedures and ensure compliance.
• Collaborate with InfoSec to integrate Standard Operating Procedures (SOPs).
• Identify and document work process gaps in compliance with privacy and InfoSec regulations.
• Participate in defining and implementing new privacy and security policies, practices, and controls.
• Support the privacy compliance manager in tracking security or privacy incidents and proposing improvements.
• Coordinate and participate in external and internal ISMS audits (ISO 27001 and SOC 2) and oversee corrective and preventive actions.
• Document and follow up on post-marketing surveillance activities related to cloud-based solutions.
• Analyze trends and risks, contributing to security and risk improvement initiatives.
• Ensure consistency and efficiency in documented compliance processes.
• Assist with client-based security surveys and regulatory documentation.
• Organize incident post-mortems and track corrective and preventive actions.
• Maintain updated security and privacy training materials.

Required Experience and Qualifications:

• Bachelor’s degree in Information Security, Business, Quality Management, or a related field (or equivalent certification).
• Basic knowledge of ISO-27001 and SOC 2 certification processes.
• Basic experience in IT, software development, medical technology, or cloud hosting environments.
• Proficiency in Microsoft Office, Google Suite, and workflow tools like Visio.
• Highly organized and project-oriented.
• Strong analytical skills with attention to detail.
• Ability to work independently with minimal supervision.

Language Requirement:

• C1 level of English proficiency required.

Preferred Skills:

• Familiarity with risk assessment methodologies and regulatory frameworks.
• Experience in compliance audits and policy implementation.

Salary and Benefits:

• Salary paid in USD or Local Currency according to your preference.
• Payment frequency: Weekly.
• Monthly Salary range of ~575 to 800 USD

Additional Details:

• Paid Time Off: 10 PTO days after the first 90 days.
• Paid Holidays: 6 per year (January 1st, May 1st, Christmas, and 3 flexible days of choice).
• Unpaid sick leave (with a doctor’s note).
• Paid Lunch Hour and Breaks: Not included.