Rollins, Inc. is a global consumer and commercial service company specializing in pest management services. They are seeking an IT Risk and Compliance Analyst to identify, assess, and mitigate organizational IT risks, particularly focusing on third-party risks and ensuring compliance with security frameworks.
Conduct comprehensive risk assessments of third-party vendors and service providers, evaluating their security posture, policies, procedures, and controls. Identify any vulnerabilities and work with stakeholders to ensure proper mitigation plans are in place.
Support the due diligence process by evaluating the security and compliance frameworks of potential vendors. Ensure vendors meet the organization's security standards and regulatory requirements before formal agreements are made.
Identify and evaluate security risks related to information systems, applications, and data. Perform risk assessments to determine the likelihood and impact of potential threats.
Collaborate with cross-functional teams to develop, implement, and monitor risk mitigation strategies, including technical controls, process improvements, and security policies.
Ensure compliance with security frameworks (e.g., NIST, ISO 27001) and relevant laws (e.g., GDPR, HIPAA, SOX). Support internal and external security audits.
Create and maintain comprehensive risk assessment reports, dashboards, and documentation to track and communicate security risk status to senior management.
Continuously monitor third-party vendors' security practices and compliance status throughout the lifecycle of the partnership. Develop and present regular reports to management on third-party risk status and recommended actions.
Work closely with procurement, legal, and other business units to integrate security requirements into vendor contracts and agreements. Provide guidance and support to business teams in managing vendor relationships with a focus on security.
Develop, review, and update internal policies and procedures related to third-party risk management. Ensure that these align with industry best practices, compliance frameworks, and regulatory requirements.
Qualification
Required
Bachelor’s degree in Information Security, Cybersecurity, Risk Management, or a related field, or equivalent experience
Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC)
2-4 years of experience in Information Security, Risk Management, or IT auditing with a focus on third-party risk management
Experience with risk assessment methodologies and risk management best practices
Strong knowledge of risk management, regulatory requirements, and security controls, as well as a track record of supporting GRC programs
Solid knowledge of security frameworks and standards (e.g., NIST, PCI, ISO 27001, SOC 2, GDPR, etc.)
Familiarity with risk management tools and platforms
Strong understanding of regulatory and compliance requirements related to third-party security
Excellent analytical and problem-solving skills
Ability to communicate complex security concepts effectively to both technical and non-technical stakeholders
Strong interpersonal skills and the ability to collaborate with cross-functional teams
Ability to work independently and in a team environment
Analytical Thinking. An ability to assess and break down complex situations to identify risks and vulnerabilities in IT systems
Attention to Detail. Ensuring that no risk is overlooked, and every component is examined for potential weaknesses
Problem-Solving Skills. Capable of developing solutions to address identified risks or challenges in systems and operations
Strong Communication Skills. Effectively communicates risks, findings, and recommendations to technical teams, management, and stakeholders
Technical Knowledge. Familiarity with IT infrastructure, systems, and security protocols, such as firewalls, encryption, networks, and cloud technologies
Critical Thinking. Ability to evaluate the potential impact of risks and assess them from different perspectives before making recommendations
Proactive Mindset. Ability to foresee potential risks and take preventive measures before issues arise
Adaptability. The IT landscape is constantly changing. A good IT risk analyst must stay flexible and able to adjust strategies or solutions based on evolving threats and technology
Collaboration and Teamwork. Often working with cross-functional teams, it's important to be a team player, whether in incident response, risk assessments, or solution implementation
Knowledge of Risk Management Frameworks. Understanding risk management methodologies, such as ISO 27001, NIST, or FAIR, and how to apply them effectively
Ethical Integrity. Handling sensitive information and making decisions that align with ethical standards and company policies
Stress Management. IT risk analysts sometimes face high-pressure situations, especially when dealing with vulnerabilities or breaches. Staying calm and focused is essential
Continuous Learning. Staying current with new threats, emerging technologies, and evolving best practices in cybersecurity and risk management
Business Acumen. Understanding the business implications of IT risks and how they relate to the overall goals and objectives of the organization
Project Management Skills. Ability to manage multiple risk assessments and initiatives, ensuring they’re completed on time and within scope
Technical Writing. Ability to produce clear, concise reports and documentation for various stakeholders, including technical and non-technical audiences
Preferred
Other relevant certifications like CISM (Certified Information Security Manager), GIAC Certified Incident Handler (GCIH), or Payment Card Industry Qualified Security Assessor (PCI QSA) are a plus
Benefits
Comprehensive benefits package including medical, dental, vision, maternity & life insurance
401(k) plan with company match, employee stock purchase plan