Security Risk and Compliance Analyst

Security Risk and Compliance Analyst

Remote | Full-Time (Central & Eastern Time Zones, preferred)

At Alera Group, we help businesses navigate complexity with confidence. We’re looking for a Security Risk and Compliance Analyst to join our Information Security team and support the strength, security, and compliance of our enterprise systems and operations.

This role is ideal for someone passionate about cybersecurity governance, risk management, and continuous improvement. You’ll help assess and manage IT and cybersecurity risks, support audit readiness, strengthen security controls, and partner across the business to ensure compliance with internal policies and regulatory requirements.

About Alera Group
Alera Group was founded in 2017 and has grown to become the 14th largest broker of U.S. business. We are passionate about our clients’ success in the areas of Employee Benefits, Property and Casualty Insurance, and Financial Services. With a network of offices nationwide, our commitment to collaboration allows us to offer national resources combined with local service.

What You’ll Do

• Conduct IT and cybersecurity risk assessments across systems, applications, and business processes
• Maintain and track the centralized IT risk register and support remediation planning
• Lead SOC 2, HIPAA, GLBA, SOX-IT, and internal audit readiness and response efforts
• Support security policy management, annual reviews, and compliance monitoring
• Perform third-party vendor security reviews and risk assessments
• Help develop dashboards, reporting, and key risk indicators (KRIs) for leadership visibility
• Support security awareness initiatives, compliance training, and process improvements

What You Bring

• 5+ years of experience in information security, audit, compliance, or IT risk roles
• Knowledge of cybersecurity controls, IT systems, and data protection concepts
• Familiarity with frameworks such as NIST, CIS Controls, or ISO 27001
• Strong attention to detail and ability to manage multiple priorities
• Proficiency in Excel, PowerPoint, SharePoint, Teams, and related collaboration tools
• Excellent written, verbal, and interpersonal communication skills

• Experience with GRC platforms such as OneTrust, LogicGate, ServiceNow GRC, or TeamMate (formerly Standard Fusion), preferred
• Exposure to vendor risk management tools like SecurityScorecard or BitSight, preferred
• Understanding of privacy and data protection regulations including HIPAA, GLBA, NYDFS and CCPA, a plus
• Certifications such as Security+, CISA, CRISC, or ISO 27001 Foundations, a plus

Compensation:
Salary range: $105,000 – $140,000 per year
Eligible for performance-based bonus: Yes

Benefits:
Alera Group offers comprehensive benefits including medical, dental, vision, life and disability coverage, 401(k), generous PTO, and more.

We''re an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status, or any other protected class.

Alera Group is committed to protecting your privacy. Please review our Privacy Policy to understand what personal information we may collect and use as part of your application process.

If you''re a California resident, please read the  prior to applying.