
Senior Cyber Risk & Compliance Analyst

Convergint Technologies, LLC
United States, Illinois, Schaumburg
1651 Wilkening Rd
Apr 02, 2025
Description

The essential responsibilities of the Senior Cyber Risk & Compliance Analyst are to support the Cyber Risk and Compliance function in operational management, governance activities and in the implementation of Disaster Recovery Plans for all Convergint critical back-office and customer-facing systems, as well as Business Continuity Plans for all Convergint CTCs and CDCs. The Analyst shall manage and update relevant security program documentation; identify, evaluate and support the remediation of cyber risks to the organization; support audits and other compliance activities. The Analyst will work with the technology teams and various Convergint business unit leads to develop (and test) response, recovery, and tactical plans and procedures to resume business operations following a business interruption or disaster.

For information about how we use your personal information, please see our Colleague & Applicant Privacy Notice, available on convergint.com/careers.

Key Responsibilities:



  • Support the GRC function by using a risk-based approach to prioritize and address organizational risks.
  • Develop, implement, and maintain global BCP/DR frameworks, ensuring consistency across regions.
  • Conduct Business Impact Analyses (BIA) to identify critical assets, set Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO), and align recovery strategies with business needs.
  • Establish clear communication and escalation protocols for crisis response, ensuring leadership engagement and cross-functional coordination.
  • Keep BCP and DR documentation accurate and updated annually to ensure Convergint locations and applications support customers during BCP/DR events and meet contractual obligations.
  • Coordinate with CTCs and technology teams to address BCP/DR gaps.
  • Lead regional and global BCP/DR testing and fail-over exercises, ensuring business units can effectively recover from disruptions.
  • Conduct research and evaluate new strategies for Disaster Recovery, such as leveraging Cloud environments and related technologies.
  • Develop business resiliency metrics for the organization and its business units, along with executive reporting.
  • Manage and update cyber security program documentation including policies, standards and guidance documents.
  • Support ongoing client audits and compliance activities.
  • Support operational cyber security activities, including risk identification and prioritization, and actively manage and track remediation.
  • Develop and support a program for assessing and maintaining oversight of critical vendors to ensure business resiliency.



Core Competencies:



  • Global perspective and ability to work with cross-cultural teams.
  • Ability to coordinate cross-functional teams during disruptions and lead BCP/DR exercises.
  • Understanding of cyber threats, vulnerabilities, and their impact on business operations.
  • Experience integrating DR with cybersecurity incident response and risk mitigation strategies.
  • A mix of technical, analytical, and communication skills to support risk management, compliance, and disaster recovery efforts.
  • Ability to assess complex risks, prioritize recovery efforts, and recommend strategic improvements.
  • Strong problem-solving skills for identifying gaps in resilience planning and implementing corrective actions.



Technical Skills:

Cybersecurity Frameworks & Compliance Standards



  • NIST (National Institute of Standards and Technology) Frameworks (e.g., NIST 800-53, NIST CSF)
  • ISO 27001 (Information Security Management System - ISMS)
  • SOC 2 Compliance (Service Organization Control)
  • CIS Controls (Center for Internet Security)
  • GDPR, HIPAA, CMMC, PCI-DSS (Depending on industry regulations)


Risk Management & Assessment



  • Conducting risk assessments (identifying, analyzing, and mitigating cyber risks)
  • Using risk management tools (e.g., Archer, RiskLens, LogicGate)
  • Familiarity with third-party risk management (TPRM)


Security Governance & Policy Management



  • Writing, maintaining, and enforcing security policies and procedures
  • Understanding Governance, Risk, and Compliance (GRC) methodologies
  • Experience with GRC tools (e.g., RSA Archer, ServiceNow GRC, OneTrust)


Disaster Recovery & Business Continuity Planning



  • Knowledge of Business Continuity (BCP) and Disaster Recovery Planning (DRP)
  • Developing and testing incident response and recovery plans
  • Experience with tabletop exercises and business impact analysis (BIA)


Security Auditing & Compliance Reporting



  • Conducting internal security audits
  • Supporting external audits and regulatory assessments
  • Creating and maintaining compliance documentation and reports



Behavioral Skills:

Attention to Detail



  • Carefully reviewing security documentation and compliance requirements
  • Identifying risks that others might overlook


Analytical Thinking



  • Evaluating complex cyber risks and compliance issues
  • Assessing and prioritizing risks to develop mitigation strategies


Strong Communication Skills



  • Clearly articulating risks and compliance requirements to technical and non-technical stakeholders
  • Writing reports and security documentation effectively


Collaboration & Teamwork



  • Working with technology teams, business units, and leadership
  • Supporting audits, recovery planning, and risk management with cross-functional teams


Adaptability & Resilience



  • Adjusting to rapidly changing cyber threats and compliance requirements
  • Maintaining composure under pressure, especially during disaster recovery situations


Process-Oriented Approach



  • Developing and maintaining structured plans for compliance and risk management
  • Following governance frameworks and audit procedures carefully



Qualifications

Education:



  • Bachelor's degree in Computer Science or related field or equivalent combination of industry related professional experience and education


Experience:



  • Working experience with information security and audit/compliance initiatives, teams, and programs
  • Audit experience
  • Experience with Governance, Risk and Compliance applications (Oracle, Archer, ServiceNow)
  • Working experience with CMMC, ISO 27001/2, PCI, COBIT and/or other Information Security Management Frameworks


Certifications:



  • CISA, CISSP, CISM, CTPRP or equivalent certification(s) preferred



Scope & Impact:



  • This role influences global operations, impacting all regions and supporting the development of consistent risk, compliance and business continuity processes across Convergint LLC.



Work Environment:



  • This role is remote but requires flexibility for global time zones and up to 10% travel annually.
  • This role requires regular and predictable attendance.



Performance Metrics:

Cyber Risk Management Metrics



  • Risk Assessment Completion Rate - Percentage of identified risks assessed and categorized within a specific timeframe.
  • Risk Remediation Time - Average time taken to address identified risks (e.g., patching vulnerabilities, implementing controls).
  • Third-Party Risk Assessments - Percentage of vendor and partner risk assessments completed on schedule.
  • Positive feedback from regional leaders on consistency and scalability.


Compliance & Audit Metrics



  • Audit Readiness & Compliance Score - Number of compliance gaps identified vs. resolved during internal or external audits.
  • Regulatory Compliance Adherence - Percentage of compliance requirements met (e.g., NIST, ISO 27001, SOC 2).
  • Policy & Procedure Update Frequency - Ensuring security policies and procedures are reviewed and updated per compliance schedules.
  • Findings Resolution Time - Average time taken to address compliance audit findings.


Business Continuity & Disaster Recovery (BC/DR) Metrics



  • Business Continuity Plan (BCP) Testing Completion Rate - Number of scheduled BCP/DR tests completed successfully.
  • Recovery Time Objective (RTO) Adherence - Percentage of systems restored within the defined RTO in case of a disaster.
  • Recovery Point Objective (RPO) Adherence - Percentage of data restored within the acceptable data loss limits (RPO).
  • Business Impact Analysis (BIA) Completion - Percentage of business units covered in regular BIA reviews.


Documentation & Process Efficiency



  • Timeliness of Security Documentation Updates - Frequency of updates to security policies, risk assessments, and compliance reports.
  • Accuracy & Completeness of Reports - Percentage of reports submitted with full data and minimal revisions.
  • Stakeholder Engagement & Communication Effectiveness - Number of risk and compliance briefings delivered to leadership and teams.



Please note that this job posting includes salary information for the assigned target market range within the primary geographic region the requisition is posted. If the position is posted in multiple locations or is a remote position, the salary range may vary. Individual pay rates will, of course, vary depending on the job, department, and location, as well as the individual skills, experience, certifications, specific licenses, and education of the applicant.


Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)