<p>The Senior Information Security Governance & Compliance (G&C) Analyst at JM Family Enterprises plays a key role in supporting and maturing the organization's information security governance and compliance program. This position is responsible for supporting compliance initiatives, executing and coordinating audits, performing security control assessments, and partnering with business and technology stakeholders to ensure adherence to regulatory, contractual, and internal security requirements.</p> <p>The Senior Information Security G&C Analyst serves as a trusted advisor to control owners, helps operationalize security controls across the enterprise, and provides stellar customer service to stakeholders. This role will report to the Governance, Risk, and Compliance and Offensive Security Manager and support the Information Security department to provide the highest quality assurance program to our customers.</p> <p>This is an onsite/hybrid role (3 days/week) from our Deerfield Beach office in South Florida.</p> <p>Responsibilities:</p> <p>Governance & Compliance</p> <ul> <li> <p>Lead and coordinate internal and external audits, including SOC examinations and regulatory assessments</p> </li><li> <p>Manage compliance with applicable regulations and frameworks (e.g., SOC 1/2, HIPAA, CCPA, NYDFS 500, GLBA)</p> </li><li> <p>Develop, maintain, and enhance information security policies, standards, and procedures</p> </li><li> <p>Ensure compliance artifacts and documentation are accurate, current, and audit-ready</p> </li><li> <p>Report status updates completely, accurately, and timely manner.</p> </li><li> <p>Maintain subject matter expertise and demonstrate superb critical thinking skills to ensure audit, assessments, and questionnaires are effective and efficient</p> </li><li> <p>Advocate and champion information security practices</p> </li><li> <p>Execute security control maturity assessments using interviews, documentation reviews, and evidence analysis</p> </li><li> <p>Support implementation and continuous improvement of control frameworks such as NIST, ISO 27001, CIS, or COBIT</p> </li><li> <p>Conduct periodic internal assessments for security risk and compliance</p> </li><li> <p>Perform other essential duties as assigned</p> </li></ul> <p>Stakeholder Engagement</p> <ul> <li> <p>Collaborate with IT, security, legal, privacy, procurement, and business teams across the enterprise</p> </li><li> <p>Communicate security and compliance requirements to stakeholders with varying levels of technical expertise</p> </li><li> <p>Provide clear, concise status reporting to management</p> </li><li> <p>Foster strong working relationships and serve as a subject-matter resource for G&C-related inquiries</p> </li><li> <p>Serve as a subject-matter resource for G&C-related inquiries</p> </li><li> <p>Skills:</p> </li><li> <p>Experience working with auditors</p> </li><li> <p>Project management skills for managing multiple complex activities</p> </li><li> <p>Strong organizational skills with the ability to thrive in a sense-of-urgency environment, leveraging best practices, and approaching any problem as a team player with a can-do attitude</p> </li><li> <p>Knowledge of controls frameworks and applicable regulatory compliance mandates (e.g., NIST, CIS CSC, COBIT, CCPA, HIPAA, GLBA, SOC 1 Type 2, MAR)</p> </li><li> <p>Conduct research in keeping abreast of regulations and the latest security issues</p> </li><li> <p>Knowledge to evaluate, build, and optimize security program elements as assigned (e.g., logical access control, application security, vendor risk management, network security, privacy)</p> </li><li> <p>Strong written and verbal communication skills and ability to interface with all levels of business and executive leadership</p> </li><li> <p>Excellent analytical, problem-solving, and decision-making skills, applied with a solution-focused attitude</p> </li><li> <p>Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism</p> </li></ul> <p>Qualifications:</p> <ul> <li> <p>Bachelor's degree in Information Security, Information Technology, Risk Management, or a related field (or equivalent experience)</p> </li><li> <p>5+ years of experience in information security governance, risk management, audit, or compliance</p> </li><li> <p>Certifications such as CISA, CISM, CISSP, CRISC, CIPP, or GIAC or equivalent professional certifications</p> </li><li> <p>Strong working knowledge of security and privacy frameworks and regulatory requirements</p> </li><li> <p>Experience supporting or leading internal and external audits</p> </li><li> <p>Excellent analytical, written, and verbal communication skills</p> </li><li> <p>Experience with GRC platforms (e.g., Archer, ServiceNow GRC, or similar tools)</p> </li></ul> <p>#LI-AM1</p> <p>#LI-HYBRID</p> <p>This job description may not be inclusive of all assigned duties, responsibilities, or aspects of the job described, and may be amended at any time at the sole discretion of JM Family. All work arrangements are subject to associate performance, business need and manager discretion, and may be revised as necessary.</p> <p>JM FAMILY IS PROUD TO BE AN EQUAL OPPORTUNITY EMPLOYER</p> <p>JM Family Enterprises, Inc. is an Equal Employment Opportunity employer. We are committed to recruiting, hiring, retaining, and promoting qualified associates without regard to age, race, religion, color, gender, sex (including pregnancy, childbirth and related medical conditions), sexual orientation, gender identity, gender expression, mental or physical disability, national origin, marital status, citizenship, military status, genetic information, veteran status, or any other characteristic protected by federal, state, provincial, or local law.</p> <p>DISABILITY ACCOMMODATIONS</p> <p>If you have a disability and require a reasonable accommodation to complete the job application process, please contact JM Family's Talent Acquisition department at talentacquisition@jmfamily.com for assistance. If you have an accommodation request for one of our recruiting events, please notify us at least 72 hours prior so that we may provide assistance.</p>