Who We Are: CBORD and Transact have come together as industry leaders in integrated technology solutions, powering housing, access, foodservice, nutrition, eCommerce, card systems, and innovative payment, mobile credential, and commerce solutions. Our technology supports K-12 and higher education, healthcare, senior living, and business campuses, creating connected campus experiences that simplify operations and enhance lives. With a mobile-centric ecosystem and partnerships with over 1,750 institutions, we are dedicated to improving the student experience across all aspects of campus life.

Position Summary: We are seeking an experienced, detail-oriented, and proactive Senior Compliance & Risk Analyst to support the organization’s security compliance and risk management initiatives. This role will play a key part in maintaining adherence to regulatory frameworks, assisting with security control reviews, coordinating audit activities, and managing risk assessments. The ideal candidate will have experience performing risk assessments, developing and/or managing business continuity plans, and working with external auditors and frameworks such as SOC 2, PCI DSS, HIPAA, HITRUST, and GovRAMP.

Key Responsibilities:

  • Support the execution of risk assessments and security control reviews across business units and IT environments
  • Manage evidence collection and control testing projects with third-party auditors and internal assessments
  • Maintain organized documentation for audit readiness and compliance tracking
  • Coordinate with internal teams to gather responses to auditor inquiries and remediate identified gaps
  • Track compliance status, action items, and report progress to management on a regular basis
  • Manage TPRM workflows and document initial and ongoing third-party due diligence
  • Work with internal business owners to complete client security questionnaires and maintain standardized responses for HECVAT, CAIQs, etc.
  • Help evaluate the effectiveness of technical and administrative security controls
  • Contribute to the development and maintenance of compliance-related policies, standards, and procedures
  • Stay informed of changes to relevant regulatory and industry frameworks
  • Work independently with clear direction and flag issues early to maintain momentum

Preferred Qualifications:

  • 10+ years of experience in information security, risk management, or compliance
  • Working knowledge of SOC 2, PCI DSS, HIPAA, GovRAMP, NIST CSF or similar frameworks
  • Prior experience managing process workflows within TPRM due diligence cycles and vendor onboarding
  • Experience tracking and analyzing external audits and compliance evidence collection
  • Strong organizational skills and attention to detail
  • Ability to communicate clearly with technical and non-technical stakeholders
  • Familiarity with AuditBoard or similar GRC platforms and documentation tools is a plus

Base salary offers for this position may vary based on factors such as location, skills, and relevant experience. Some positions may include additional compensation in the form of bonus, equity, or commissions.

Transact + CBORD is an equal employment opportunity employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, national origin, marital status, disability, sexual orientation, protected military/veteran status, or any other protected factor.

As of Aug. 20, 2024, Transact and CBORD have merged to drive innovation and operational excellence across education, healthcare, and corporate markets. You can read more about the merger here: Transact News or CBORD Newsroom.

This position will be responsible for the handling of PHI (personal health information) and/or other types of SPI (sensitive personal information) and will be expected to comply with all applicable laws and internal policies with regard to the handling of PHI/SPI.

https://illinoisjoblink.illinois.gov/