Ryder System, Inc. · 18 hours ago
Senior IS Risk & Compliance Analyst
Ryder System, Inc. is seeking a Senior Information Security Risk & Compliance Analyst who will support the security direction of the business and elevate the company's security posture. The role involves conducting risk assessments, ensuring compliance with security standards, and managing third-party supplier risks while reporting to the Manager of Information Security Governance, Risk and Compliance.
Fleet Management, Logistics, Supply Chain Management, Transportation
Responsibilities
Conduct enterprise-wide, ongoing information security risk assessments and risk management activities. Identify strengths and weaknesses in the security program. Analyze findings, and document, recommend and report program gaps to security leadership and business stakeholders; reduce risk by helping to prioritize and drive remediation efforts throughout the organization, and contribute to risk management, treatment, and reporting process efforts to protect data assets
Perform all ongoing compliance activities related to the implementation, maintenance, monitoring and continuous improvement of Ryder’s existing Information Security Management System (ISMS) based on the requirements of ISO/IEC 27001 International Standard as well as future compliance requirements. The analyst will work with various levels and departments across the organization to ensure appropriate documentation is maintained as evidence of competence and compliance and help to facilitate internal and external independent examinations. The analyst will also help to develop and implement an effective and unified global information technology/security compliance program with applicable data protection standards, legislation, as well as customer information security requirements
Perform assessments to maintain oversight of third party information technology suppliers to safeguard against undue risk. Create final reports of pros and cons, observations of anomalies, and deliverables for the business as well as mandates for supplier compliance. Articulate results of the final assessments to business stakeholders, project sponsors, program managers, and other internal parties. Assist with review of information security sections within supplier contracts to ensure security and data privacy requirements are in place
Evaluate the effectiveness of information security management and performance by developing, monitoring, gathering and analyzing information security and compliance metrics for management. Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership
Design and document IT general controls to ensure the business demonstrates compliance with its regulatory or compliance obligations. Facilitate and coordinate activities and responses related to internal and external controls testing including entitlement reviews. Facilitate the remediation of control gaps and escalate critical issues to management. Work closely with control owners, internal and external auditors to ensure requests are completed for timely delivery to audit. Assist with third party audits and certifications for the organization (e.g. SOC, ISO, PCI, etc.)
Maintain oversight and administration of the GRC platform, Sensitive Data Discovery and Classification, and/or other compliance monitoring tools
Respond to customer information security requirements and due diligence questionnaires. Coordinate and facilitate response gathering in conjunction with other organizational applications, support, infrastructure, legal, HR, and physical security teams as necessary. Ensure responses are accurate, valid, consistent, and reported within expected deadlines. Maintain repository of customer information security requirements, track and report on compliance
Research, recommend, and contribute to information security policies, standards, and procedures and work with other organizational participants from legal, human resources, information technology, compliance, physical security, the business units and others that have to implement the policies. Participate in the lifecycle management of information security's policy and supporting documents
Provide assistance with other information security, risk and compliance projects and initiatives as assigned
Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices and procedures
Qualification
Required
Bachelor's degree (required): Information Security, Information Technology, Management Information Systems
Seven (7) years or more of experience with technology risks and controls and deploying information governance, information technology risk management, compliance, information security, or privacy programs (required)
Seven (7) years or more of experience with cyber security and information security program management and frameworks (e.g. NIST CSF, ISO/IEC 27000, etc.) (required)
Exposure to and familiarity with relevant standards such as ISO/IEC 27000 family - Information Security Management Systems, NIST Cybersecurity Framework, NIST 800, and applicable laws related to regulatory compliance, information security and privacy (e.g. SOX, HIPAA, GDPR, PCI-DSS): intermediate, required
Knowledge of information security risk management and IT controls frameworks and methodologies (e.g. ISO/IEC 27005, COBIT, OCTAVE): intermediate, required
Knowledge of Risk Management Principles (risk avoidance, transfer, mitigation, acceptance), Risk Assessment process: intermediate, required
Knowledge of Cloud Security - Cloud Control Matrix (CCM), Consensus Assessment Questionnaire (CAIQ): intermediate, required
Other: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) or Certified Cloud Security Professional (CCSP) credentials or International Association of Privacy Professionals (IAPP)
Preferred
Master's degree (preferred): Information Security, Information Technology, Management Information Systems
Knowledge of Common Controls Hub - Unified Compliance Framework (UCF): intermediate, preferred
Knowledge of Standardized Information Gathering (SIG) Questionnaire: intermediate, preferred
Knowledge of AICPA SOC for Service Organizations: intermediate, preferred
Benefits
Comprehensive health and welfare benefits: medical, prescription, dental, vision, life insurance, disability insurance options
Paid time off for vacation, illness, bereavement, family and parental leave
Tax-advantaged 401(k) retirement savings plan
Company
Ryder System, Inc.
We perfect the supply chains people depend on.
H1B Sponsorship
Ryder System, Inc. has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (53)
2024 (45)
2023 (39)
2022 (54)
2021 (54)
2020 (36)
Funding
Current Stage: Public Company
Total Funding: unknown
IPO: 1978-01-13
Company data provided by crunchbase