Senior Cyber Risk & Compliance Analyst

Senior Cyber Risk & Compliance Analyst Location: Onsite in Mebane, NC, Bradenton, FL, or Palm Beach Gardens, FL Base Salary Rate: $117,887 – 138,690 per year   Job type: Full-time position    About This Role The Senior Cyber Risk & Compliance Analyst is a hands‑on execution leader responsible for driving cyber risk, compliance, and audit activities to completion across the enterprise. This role requires a self‑directed, highly accountable professional who can independently own workstreams, engage confidently with auditors and senior leaders, and translate requirements into completed, defensible outcomes. This role is ideal for a senior analyst who operates as a trusted problem‑solver, not just a coordinator. It is someone who closes gaps, chases evidence, and ensures commitments are delivered without constant direction.   Key Responsibilities  Audit & Assurance Execution (Primary Focus) Serve as a day‑to‑day execution lead for external and internal audits (SOX‑equivalent, operational audits, cybersecurity reviews). Own audit evidence collection, validation, and submission, ensuring materials are complete, accurate, and audit‑defensible. Proactively track open audit items, drive follow‑ups, and escalate risks early when timelines or control performance is at risk. Communicate directly with external auditors and internal stakeholders, providing clear, structured updates and resolving questions efficiently. Cyber Risk Management & Issue Resolution Manage assigned cybersecurity risks end‑to‑end, including: Risk documentation and tracking Control gaps and remediation activities Owner follow‑ups and closure verification Actively challenge incomplete or weak responses and push issues to resolution, rather than passively tracking them. Contribute to risk reviews related to external exposure, penetration testing results, and security control effectiveness. Operational Governance & Deliverables Independently own governance deliverables such as: Control evidence packages Risk summaries and issue trackers Status updates for leadership and auditors Maintain clear documentation and evidence trails suitable for repeatable audits and regulatory scrutiny. Support enterprise initiatives tied to SOX-level controls, audit remediation, and cyber risk transparency. Cross‑Functional Leadership (Without Direct Reports) Operate as a lead individual contributor, coordinating across IT, Infrastructure, Security, Finance, and third‑party vendors. Build credibility with technical and non‑technical stakeholders through clarity, follow‑through, and consistent delivery. Model strong accountability and raise issues early when dependencies or ownership gaps emerge.   Basic Qualifications Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, Accounting, Business, or related discipline (Relevant professional experience may be considered in lieu of a degree) 7+ years of experience in cybersecurity risk, IT risk, internal controls, compliance, or audit‑adjacent roles.   Preferred Qualifications  Demonstrated experience directly supporting or leading portions of external audits (not just preparing background materials). Proven track record of independently owning workstreams and driving them to completion. Proven experience leading organizations through certification across multiple cybersecurity frameworks, including ISO/IEC 27001, CMMC and comparable regulatory or industry standards. Experience with GRC tools (Drata) Strong understanding of: Cybersecurity risk management concepts IT controls and control evidence expectations Audit workflows and external auditor interaction High personal accountability with the ability to manage multiple concurrent deliverables. Clear, concise written and verbal communication, especially in audit and leadership contexts. Comfortable pushing back, probing gaps, and escalating when needed. Self‑starter who requires minimal hand‑holding. Execution‑focused: prioritizes closure over coordination. Detail‑oriented without losing sight of deadlines and outcomes. Exposure to SOX‑level environments. Prior experience working in fast‑paced, global organizations with distributed stakeholders. Holder of certifications (e.g., CISA, CRISC, CISM, CISSP, CIA, Security+, etc.)