Laserfiche · 20 hours ago
Senior Risk and Compliance Analyst
Laserfiche is a global leader in intelligent document management and business process automation, dedicated to helping organizations drive digital transformation. They are seeking a Senior Risk and Compliance Analyst to support their Governance, Risk and Compliance programs through internal audits, control assessments, and compliance monitoring activities. This role involves collaboration with various stakeholders to ensure compliance with regulatory frameworks and customer requirements.
Artificial Intelligence (AI), Business Process Automation (BPA), CMS, Document Management, Enterprise Software, Human Resources, Machine Learning, SaaS, Software
Responsibilities
Perform internal audits, IT general computer controls testing, application security assessments and ongoing risk assessments
Update risk registers and track findings, corrective action plans and remediation activities
Support ongoing risk reporting and metrics tracking for internal stakeholders and executive leadership
Ensure evidence is accurate, current and audit-ready
Coordinate and manage external audits and assessments, including evidence requests, with auditors, 3PAOs, GovRAMP PMO, FedRAMP PMO and security firms
Prepare and submit continuous monitoring reports and supporting artifacts to GovRAMP
Safeguard Laserfiche information in accordance with Laserfiche Information Security Policies
Perform technical validation of security controls using the AWS Management Console
Review and collect evidence related to AWS services, configurations and security controls, including IAM, logging, encryption and monitoring
Partner with ITS and Development to validate cloud control implementation and operating effectiveness
Support corporate and cloud security documentation and evidence mapping to NIST 800-53, ISO 27001, SOC 2, CIS controls and other applicable control frameworks and standards
Identify control gaps or inconsistencies and escalate findings through established GRC processes
Document, test and monitor IT, application and data privacy controls as part of an ongoing GRC program
Maintain control matrices, control narratives and framework mappings
Collaborate with department stakeholders and Legal to perform privacy impact assessments (PIAs) and data protection impact assessments (DPIAs)
Support data mapping, data inventories and data privacy compliance documentation
Update policies, procedures and standards under the direction of GRC leadership
Perform vendor risk management assessments for third-party service providers
Track vendor remediation activities and risk treatment plans
Update business impact analyses (BIAs) and business continuity plans (BCPs)
Coordinate with ITS and Development on disaster recovery plan updates and testing
Respond to customer security questionnaires, RFPs and security and AI due diligence requests
Maintain and update standard assurance artifacts such as HECVAT, CAIQ and similar documents for customer distribution
Partner with Sales, Legal and ITS to ensure responses are accurate, consistent and approved
Monitor customer contractual security and compliance requirements and flag risks or gaps
Qualifications
Required
Bachelor's degree in information systems, IT audit, cybersecurity or a related degree program
Three to seven years of experience in IT audit, GRC, cloud security compliance or related roles
Relevant certifications such as CISA, CRISC, CISM or AWS are required
Hands-on experience supporting IT audits, compliance assessments or GRC programs
Experience with industry regulations (e.g., HIPAA, GDPR, CCPA), GovRAMP, FedRAMP, CMMC and leading frameworks such as AICPA Trust Services Criteria, NIST 800-53 and ISO 27001
Practical experience navigating the AWS Management Console for security and compliance evidence collection and understanding key AWS security concepts
Strong technical skills in auditing, controls and cybersecurity; Big Four experience a plus
Excellent communication, presentation and negotiation skills, with the ability to influence internal and external stakeholders and write policies and controls documentation
Exceptional organizational and program management skills with a keen attention to detail
Benefits
15 Days of Vacation
3 Floating Holidays
2 Paid Volunteer Days
9 Paid Holidays
Hybrid Work Environment
Free Parking: covered and EV charging stations
Various 401(k) Investment Options and Generous Company Match
HMO and PPO Medical Care Options
Company
Laserfiche
Laserfiche is the world's largest private Enterprise Content Management (ECM) software development company.
Funding
Current Stage: Growth Stage
Recent News
UAE Business Review
2025-12-19
Company data provided by crunchbase