Security Risk & Compliance Analyst
OVERVIEW
Security Risk and Compliance Analyst
Remote | Full-Time
Central and Eastern Time Zones, preferred
At Alera Group, we help businesses navigate complexity with confidence. We’re looking for a Security Risk and Compliance Analyst to join our Information Security team and support the strength, security, and compliance of our enterprise systems and operations.
This role is ideal for someone passionate about cybersecurity governance, risk management, and continuous improvement. You’ll help assess and manage IT and cybersecurity risks, support audit readiness, strengthen security controls, and partner across the business to ensure compliance with internal policies and regulatory requirements.
About Alera Group
Alera Group was founded in 2017 and has grown to become the 14th largest broker of U.S. business. We are passionate about our clients’ success in the areas of Employee Benefits, Property and Casualty Insurance, and Financial Services. With a network of offices nationwide, our commitment to collaboration allows us to offer national resources combined with local service.
RESPONSIBILITIES
Conduct IT and cybersecurity risk assessments across systems, applications, and business processes
Maintain and track the centralized IT risk register and support remediation planning
Lead SOC 2, HIPAA, GLBA, SOX-IT, and internal audit readiness and response efforts
Support security policy management, annual reviews, and compliance monitoring
Perform third-party vendor security reviews and risk assessments
Help develop dashboards, reporting, and key risk indicators (KRIs) for leadership visibility
Support security awareness initiatives, compliance training, and process improvements
QUALIFICATIONS
5+ years of experience in information security, audit, compliance, or IT risk roles
Knowledge of cybersecurity controls, IT systems, and data protection concepts
Familiarity with frameworks such as NIST, CIS Controls, or ISO 27001
Strong attention to detail and ability to manage multiple priorities
Proficiency in Excel, PowerPoint, SharePoint, Teams, and related collaboration tools
Excellent written, verbal, and interpersonal communication skills
Experience with GRC platforms such as OneTrust, LogicGate, ServiceNow GRC, or TeamMate (formerly Standard Fusion), preferred
Exposure to vendor risk management tools like SecurityScorecard or BitSight, preferred
Understanding of privacy and data protection regulations, including HIPAA, GLBA, NYDFS and CCPA, a plus
Certifications such as Security+, CISA, CRISC, or ISO 27001 Foundations, a plus
ADDITIONAL INFORMATION
Compensation:Salary range: $105,000 – $140,000 per yearEligible for performance-based bonus: Yes
Benefits:Alera Group offers comprehensive benefits including medical, dental, vision, life and disability coverage, 401(k), generous PTO, and much more.
We're an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status, or any other protected class.
Alera Group is committed to protecting your privacy. Please review our Privacy Policy to understand what personal information we may collect and use as part of your application process.
#LI-NO1
#LI-Remote
Location Type
Remote
Apply To This Job