Senior IS Risk & Compliance Analyst
Company: Ryder System
Location: Tallahassee
Posted on: March 1, 2026
Job Description:
Job Seekers can review the Job Applicant Privacy Policy by
clicking here (http://ryder.com/job-applicant-privacy-policy).

Summary
The Senior Information Security Risk &
Compliance Analyst will be responsible for supporting the security
direction of the business and elevating the company's security
posture. The Analyst is expected to support the security strategy
within new and existing information systems capabilities. The
Analyst's role lies within the Chief Information Security Officer's
organizational structure, reporting to the Manager of Information
Security Governance, Risk and Compliance. The role oversees the
business' security requirements and obligations mandated by
standards and regulations. In tandem with security leadership, the
GRC security analyst consistently assesses and validates the
assurance of the security program. As a primary point of contact
for internal and external auditors, the GRC security analyst
monitors progress and enforces resolution of outstanding issues
that may lead to non-compliance or security threats to the
business. As a key member of the security team, the GRC security
analyst must focus on strong risk management and corporate
resiliency, and not be driven solely by compliance.

Essential Functions
Conduct enterprise-wide, ongoing information security
risk assessments and risk management activities. Identify strengths
and weaknesses in the security program. Analyze findings, and
document, recommend and report program gaps to security leadership
and business stakeholders; reduce risk by helping to prioritize and
drive remediation efforts throughout the organization, and
contribute to risk management, treatment, and reporting process
efforts to protect data assets. Perform all ongoing compliance
activities related to the implementation, maintenance, monitoring
and continuous improvement of Ryder’s existing Information Security
Management System (ISMS) based on the requirements of ISO/IEC 27001
International Standard as well as future compliance requirements.
The analyst will work with various levels and departments across
the organization to ensure appropriate documentation is maintained
as evidence of competence and compliance and help to facilitate
internal and external independent examinations. The analyst will
also help to develop and implement an effective and unified global
information technology/security compliance program with applicable
data protection standards, legislation, as well as customer
information security requirements. Perform assessments to maintain
oversight of third party information technology suppliers to
safeguard against undue risk. Create final reports of pros and
cons, observations of anomalies, and deliverables for the business
as well as mandates for supplier compliance. Articulate results of
the final assessments to business stakeholders, project sponsors,
program managers, and other internal parties. Assist with review of
information security sections within supplier contracts to ensure
security and data privacy requirements are in place. Evaluate the
effectiveness of information security management and performance by
developing, monitoring, gathering and analyzing information
security and compliance metrics for management. Define qualitative
and quantitative metrics to assess the success of the security
program and provide regular reports to security and business
leadership. Design and document IT general controls to ensure the
business demonstrates compliance with its regulatory or compliance
obligations. Facilitate and coordinate activities and responses
related to internal and external controls testing including
entitlement reviews. Facilitate the remediation of control gaps and
escalate critical issues to management. Work closely with control
owners, internal and external auditors to ensure requests are
completed for timely delivery to audit. Assist with third party
audits and certifications for the organization (e.g. SOC, ISO, PCI,
etc.). Maintain oversight and administration of the GRC platform,
Sensitive Data Discovery and Classification, and/or other
compliance monitoring tools. Respond to customer information
security requirements and due diligence questionnaires. Coordinate
and facilitate response gathering in conjunction with other
organizational applications, support, infrastructure, legal, HR,
and physical security teams as necessary. Ensure responses are
accurate, valid, consistent, and reported within expected
deadlines. Maintain repository of customer information security
requirements, track and report on compliance. Research, recommend,
and contribute to information security policies, standards, and
procedures and work with other organizational participants from
legal, human resources, information technology, compliance,
physical security, the business units and others that have to
implement the policies. Participate in the lifecycle management of
information security's policy and supporting documents.

Additional Responsibilities
Provide assistance with other information
security, risk and compliance projects and initiatives as assigned.
Monitor current and proposed security changes impacting regulatory,
privacy and security industry best practice guidance. Apply GRC
expertise across key lines of business, including products,
practices and procedures. Performs other duties as assigned.

Skills and Abilities
Strong verbal and written communication skills
Strong verbal communication and listening skills
Ability to work in a regulated environment
An understanding of organizational mission, values, and goals and consistent application of this knowledge
Ability to present information and ideas clearly and understandably to others
An ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance
Ability to create and maintain professional relationships within all levels of the organization (peers, work groups, customers, supervisors)
Ability to maintain confidential information
Ability to simultaneously handle multiple priorities
Ability to work independently and as a member of a team
Demonstrates a high level of accuracy, even under pressure
Possesses a high degree of initiative
An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
Seeks to acquire knowledge in area of specialty
Excellent organizational skills
Maintains a high degree of professionalism
Proactively approaches responsibilities
An understanding of organizational mission, values, and goals and consistent application of this knowledge
Ability to drive multiple projects to successful completion
Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
Maintains composure under pressure
Ability to analyze and solve problems
Ability to effectively facilitate meetings, work sessions, and training
Ability to group, categorize, and systematize data, people, or things
Ability to collect, compile, gather reports with associated email thread responses ensuring respective reports and responses are maintained separate for each entitlement report reviewer
Ability to work within tight timeframes and meet strict deadlines
Flexibility to operate and self-driven to excel in a fast-paced environment
Ability to work with others in a professional manner while achieving a common goal
Capable of multi-tasking, highly organized, with excellent time management skills
Ability to effectively manage a variety of tasks and projects simultaneously
An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization
Ability to influence internal and/or external constituents
An ability to effectively influence others to modify their opinions, plans, or behaviors, with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication
Demonstrates excellent judgment and decision making skills
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
Ability to listen, write, and speak effectively
Inform, explain, and give instructions
An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
Exposure to and familiarity with relevant standards such as ISO/IEC 27000 family - Information Security Management Systems, NIST Cybersecurity Framework, NIST 800, and applicable laws related to regulatory compliance, information security and privacy (e.g. SOX, HIPAA, GDPR, PCI-DSS) intermediate required
Knowledge of information security risk management and IT controls frameworks and methodologies (e.g. ISO/IEC 27005, COBIT, OCTAVE) intermediate required
Knowledge of Risk Management Principles (risk avoidance, transfer, mitigation, acceptance), Risk Assessment process intermediate required
Knowledge of Cloud Security - Cloud Control Matrix (CCM), Consensus Assessment Questionnaire (CAIQ) intermediate required
Knowledge of Common Controls Hub - Unified Compliance Framework (UCF) intermediate preferred
Knowledge of Standardized Information Gathering (SIG) Questionnaire intermediate preferred
Knowledge of AICPA SOC for Service Organizations intermediate preferred

Qualifications
Bachelor's degree required: Information Security, Information Technology, Management Information Systems
Master's degree preferred: Information Security, Information Technology, Management Information Systems
Seven (7) years or more Experience with technology risks and controls and deploying information governance, information technology risk management, compliance, information security, or privacy programs required
Seven (7) years or more Experience with cyber security and information security program management and frameworks (e.g. NIST CSF, ISO/IEC 27000, etc.) required
Other: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) or Certified Cloud Security Professional (CCSP) credentials or International Association of Privacy Professionals (IAPP)
Travel: 1-10%
DOT Regulated: None
Job Category: Information Security

Compensation Information: The compensation offered to a candidate
may be influenced by a variety of factors, including the
candidate’s relevant experience; education, including relevant
degrees or certifications; work location; market data/ranges;
internal equity; internal salary ranges; etc. The position may also
be eligible to receive an annual bonus, commission, and/or
long-term incentive plan based on the level and/or type.
Compensation ranges for the position are below:
Pay Type: Salaried
Minimum Pay Range: $100,000.00
Maximum Pay Range: $120,000.00

Benefits Information: For all Full-time positions only: Ryder
offers comprehensive health and welfare benefits, to include
medical, prescription, dental, vision, life insurance and
disability insurance options, as well as paid time off for
vacation, illness, bereavement, family and parental leave, and a
tax-advantaged 401(k) retirement savings plan.

Ryder is proud to be
an Equal Opportunity Employer and Drug Free workplace. All
qualified applicants will receive consideration for employment
without regard to race, religion, color, national origin, sex,
sexual orientation, gender identity, age, status as a protected
veteran, among other things, or status as a qualified individual
with disability.

Important Note: Some positions require additional
screening that may include employment and education verification;
motor vehicle records check and a road test; and/or badging or
background requirements of the customer to which you are assigned.

Security Notice for Applicants: Ryder will only communicate with an
applicant directly from a [@ryder.com] email address and will never
conduct an interview online through a chat type forum, messaging
app (such as WhatsApp or Telegram), or via an online questionnaire.
During an interview, Ryder will never ask for any form of payment
or banking details and will never solicit personal information
outside of the formal submitted application through
www.ryder.com/careers . Should you have any questions regarding the
application process or to verify the legitimacy of an interview or
Ryder representative, please contact Ryder at careers@ryder.com or
800-793-3754.

Current Employees: If you are a current employee at
Ryder, please click here
(http://wd5.myworkday.com/ryder/d/task/1422$3.htmld) to log in to
Workday to apply using the internal application process.
Keywords: Ryder System, Tallahassee, Senior IS Risk & Compliance Analyst, IT / Software / Systems, Tallahassee, Florida