Career Opportunities

IT Security Governance and Compliance Analyst

Job Title: IT Security Governance and Compliance Analyst
Location: Southfield, MI

Conexess is looking for an experienced IT Security Governance and Compliance Analyst who will be responsible for ensuring the confidentiality, integrity, & availability of information assets within the enterprise. The IT Governance and Compliance Analyst will provide technical expertise & protection of assets by reviewing, analyzing, & implementing security controls, functions, & processes within the enterprise to support the overall information security program & other security initiatives. The person will consult & interface with network administrators, system administrators, desktop support staff, IT staff, developers, & non-IT departments on security issues & requirements. This position may also serve as a backup to other critical security positions as necessary.

The IT Governance & Compliance Analyst will assist with creating & managing information security policies & procedures based on industry standard frameworks & best practices, performing risk assessments & security awareness training, ensuring organization-wide compliance with security policies, & providing audit support as necessary. This position is located in Southfield, MI & may be contract-to-hire. Paid relocation is not available. Internally this role may be at the Analyst or Associate level.


Security Team

  • Expected to stay current on security industry trends, new threats & attack techniques, mitigation techniques, & emerging security technologies
  • Provide insight & participate in security projects to evaluate & recommend security products for various applications & platforms throughout the organization while supporting business initiatives
  • Assist with the development, maintenance of, & training on technical documentation & Standard Operating Procedures
  • Successfully manage multiple priorities & deadlines
  • Improve security efficiency & streamline/automate work processes while working collaboratively with other team members & IT staff to accomplish objectives
  • Participate, as needed, in critical incidents & implementation reviews

Governance & Compliance

  • Author & revise enterprise information security policies & standards in line with industry frameworks & best practices
  • Perform information security risk assessments & assess the control environment of the business processes & applications under review in accordance with the information security program
  • Manage the SDLC process & coordinate with other IT teams to ensure all proper protocols are being followed & adhered to
  • Develop information security awareness training & educational materials & conduct new hire security awareness training
  • Compose risk assessment/audit reports, as well as develop remediation plans to address risks & vulnerabilities discovered during audits/risk assessments
  • Manage compliance-related activities to document, schedule, & collect documentation requests & procedural information to support audit & assessment activities
  • Keep abreast of the latest information security & privacy laws & regulations; ensure compliance both with internal security policies & applicable laws & regulations


  • Highly motivated to work in information security
  • Willingness to increase knowledge and credibility through obtaining training and/or certifications (CISSP, CISA, CRISC, etc.)
  • Ability to work well as an individual & as part of a team
  • Excellent written & oral communication skills, interpersonal skills, & effective skills to support security programs. Must be able to provide formal reports & presentations as required
  • Must give attention to detail & possess the ability to prioritize tasks so work is completed in an accurate, timely manner
  • Excellent problem-solving ability and ability to resolve issues under tight time frames
  • Experience using Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint, etc.) preferred
  • Must have the ability to work full time
  • Must be able to work in an office environment
  • Must be physically able to sit/stand at a computer & work in front of a computer screen for significant portions of the work day

Experience, Certifications, & Education

  • 1-6 years of professional work experience
  • Experience within Information Security, Risk, Compliance, Audit or Information Technology is desired, but not required
  • Proven project management & organizational skills
  • Bachelor’s degree in Information Technology or related field desired, but not required
  • Certified Information Systems Security Professional (CISSP) desired, but not required
  • Certified Information Systems Auditor (CISA) desired, but not required
  • Certified in Risk & Information Systems Control (CRISC) desired, but not required
