2,309 Security Risk jobs in the United States

• Bachelor's Degree in Cyber Security, Risk and Compliance, or equivalent/related field or equivalent years of experience
• 4+ years professional experience in Security, Risk and compliance
• Strong experience in Microsoft Purview - Data Loss Prevention (DLP) configurations, alerts, remediation, reporting etc
• Experience writing, reviewing and maintaining security policies, standards and procedures
• Ability to perform risk assessments, support and participate in the audits - ISO 9001 and ISO 27001

• Assist in completing and reviewing security questionnaires, requests for proposal (RFP), requests for information (RFI), and vendor evaluations as needed
• Perform security evaluations of new software products across the business and provide risk feedback to requesting ISN team members
• Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
• Respond to cyber security alerts including DLP alerts, attempting remediation, and escalation as required
• Assist in documenting and escalating incidents (including event history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment

• Employees must be within a commutable distance to the Dallas, TX office. Relocation is required for candidates not already local to the DFW area.
• Required to come to the office at least 2 times per week during the first 90 days.
• After 90 days, your role on the Products team will have the option to work remotely with at least 1 in-person engagement required monthly.

• 100% company-paid monthly insurance premiums for employees and dependents
• Medical, Dental, Vision, and Life Insurance
• Employee assistance program
• 4% retirement matching
• Long-Term & Short-Term Disability Coverage
• Paid time off
• 0-1 year - 15 day (pro-rated first year)
• 1-5 years - 20 days
• 5-10 years - 25 days
• 10+ years - 30 days
• Holidays - 13 paid holidays
• Monthly cell phone reimbursement
• Complimentary parking space or monthly reimbursement for DART public transportation
• Team-building activities and events, including quarterly kick-off meetings and community volunteer day
• Matching charitable gift program
• Professional development & training opportunities
• Wellness Program: Focuses on community, financial, mental, nutrition, physical and social health
• Business casual, jeans allowed

Join to apply for the Security Risk and Compliance Specialist role at Fisher Phillips

Join to apply for the Security Risk and Compliance Specialist role at Fisher Phillips

(Atlanta, Full-time Hybrid)

Fisher Phillips, a premier international labor and employment law firm, is seeking a skilled and experienced Security Risk and Compliance Specialist to join our team. In this essential role, you will contribute to the seamless operation of our services, providing crucial support to our department in delivering exceptional client service and maintaining our commitment to excellence.

The Security Risk and Compliance Specialist supports the Director of Information Security in managing security-related contractual obligations and compliance requirements. This role ensures organizational compliance with internal policies and is responsible for reviewing contractual commitments and actual controls, assisting with remediation planning, and contributing to security awareness materials. The ideal candidate is an analytical, detail-oriented professional who thrives in a fast-paced environment and is adept at managing risk while enabling business operations. This role is essential to ensuring, compliance requirements are met, and security risks are identified and mitigated in a timely manner.

Key Responsibilities

Contract & Agreement Review:

• Review client and vendor agreements for security and compliance requirements
• Analyze security-related terms to ensure commitments align with firm policies, procedures, and technical capabilities
• Identify and document gaps between contractual requirements and current security controls
• Collaborate with the Director of Information Security to prioritize and escalate identified gaps
• Assist with drafting and negotiating security terms in new contracts
  
  

• Support security risk assessments for vendor engagements and client obligations.
• Maintain documentation of security requirements, gaps, and mitigation plans.
• Lead or assist with compliance audits (e.g., SOC 2, HIPAA, GDPR, CCPA, PCI-DSS, ISO 27001) by gathering evidence and managing documentation.
• Maintain and update compliance documentation, including policies, standards, and procedures.
• Coordinate responses to client security questionnaires and due diligence requests.
• Work with Information Governance, Legal, and IT teams to maintain privacy and contractual requirements
  
  

• Support the development and delivery of security training and phishing simulation programs
• Create internal communications and awareness campaigns to foster a security-conscious culture
• Help ensure training content aligns with client, vendor, and regulatory security requirements
• Assist the Director of Information Security in planning and tracking awareness initiatives
  
  

• Draft, review, and maintain information security policies, standards, procedures, and guidelines
• Ensure policies align with contractual obligations, business goals, risk appetite, and current threat landscape
• Collaborate with legal and HR teams to enforce and communicate policy changes
  
  

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent professional experience
• Minimum 3 years of experience in information security, IT compliance, or cybersecurity risk management
• Experience reviewing client or vendor contracts for security and compliance requirements
• Familiarity with security frameworks such as NIST CSF, ISO/IEC 27001, CIS Controls, and COBIT
• Knowledge of regulatory requirements: HIPAA, SOC 2, GDPR, PCI-DSS, SOX, or FedRAMP
• Excellent analytical, investigative, and problem-solving skills
• Exceptional communication skills (written and verbal), with the ability to work crossfunctionally and present to leadership
• Ability to explain security concepts clearly in writing for training and awareness purposes
• Strong organizational skills with the ability to manage multiple tasks and deadlines
  
  

• Professional certifications such as CISSP, CISA, CISM, CRISC, Security+, or ISO 27001 Lead Auditor/Implementer
• Familiarity with cloud platforms (AWS, Azure, GCP) and their security tools and shared responsibility models
• Experience with governance, risk, and compliance (GRC) tools (e.g., Archer, OneTrust, LogicGate)
• Experience with SIEM tools, EDR, and vulnerability management platforms (e.g.,SumoLogic, CrowdStrike, Tenable)
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Strategy/Planning and Information Technology
• Industries Law Practice

Referrals increase your chances of interviewing at Fisher Phillips by 2x

Were unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Primary Skills: Risk Assessment-Expert, NIST-Advanced, ISO 27001-Advanced, Vendor Management-Intermediate, Audit Support-Intermediate

Contract Type: W2

Duration: 05-06 Months

Location: Santa Clara

Pay Range: $70 - $75 per hour

This role may require travel to business meetings and events and requires reliable transportation to do so.

• Review, triage, risk assess and process security requests from technical, engineering and business partners that require security input and approvals.
• Work independently to understand collaborator requirements and the security risk involved. Use security policy, process and information security expertise to advise collaborators on appropriate solutions that do not open PlayStation up to security risks.
• Review security requirements associated with third party engagement requests and determine what level of third party assurance is required.
• Initiate and support the third-party due diligence and assurance assessment processes and able to articulate and advise on associated risks to the business, contractual requirements and resulting recommendations.
• Articulate and communicate risk to relevant collaborators, whilst with technical teams, partners, and leadership teams to translate security risk into mitigation plans into action items.
• Negotiates, tracks and reports these remediation efforts within the PlayStation risk programme.
• Coordinates all aspects of information security and provides consulting services to business units and other partners.
• Works with business partners from across Playstation and Studios to identify and implement information security requirements related to projects and engagements.
• Monitors and reviews IT security controls to identify operational efficiency.
• Performing security audits related to critical systems and prioritized business scopes.
• Triage information security incidents, working with our 24/7 SOC teams, business partners and related third parties, as well as be responsible for reporting and raising where necessary.
• Works with GRC and other security tools to collect and maintain security and risk information.
• Maintains broad knowledge of industry trends in the field of information security and other technologies relevant to systems handled by the operations teams.
• Advances the InfoSec program via partnerships with shared services teams within information security.

• At least four years of related work experience within Information Security risk management or security audit, with a sound technical understanding of information technology, network or infrastructure management.
• Must be a self-starter, comfortable with processing security requests independently initiating discussion with collaborators to drill down on exact requirements and how it aligns to process and policy.
• Experience in business partner/collaborator management, across technical and non-technical partners.
• Used to working within critical metrics and SLAs to ensure efficient responses and smooth ticket management.
• Experience in Jira, Confluence and GRC tracking and assessment tools.
• Can independently perform information Security due diligence and audits, identifying gaps and require mitigations.
• Proven technical background in Information Security including work related to cloud infrastructure, SaaS applications, emerging technology.
• Ability to understand technical terminology to understand and assess security environment.
• Experience with third party due diligence and contract reviews.
• Excellent communicator, able to translate both technical and business requirements and terminology to the applicable audience.

• Familiarity with AWS (or similar) cloud security and infrastructure.
• Knowledge of and experience with SaaS and web infrastructure security
• Awareness of security risks associated with AI and other emerging technologies
• Microsoft Windows and Apple Mac OS hardening
• Policy administration
• Security standards such as SOX, ISO 27001, NIST, PCI
• Ability to handle parallel tasks and accurately detail resolutions
• Bachelor's degree in Computer Science, Information Security, or related field or equivalent experience

• Triage and evaluate submitted risks through comprehensive assessment of inherent and residual risk scores, aligning with company policies, objectives, and our current control environment
• Drive collaborative engagement with stakeholders across the organization to develop effective risk treatment plans and establish robust mitigating controls
• Contribute to and maintain our Controls Portfolio by documenting mitigating controls and ensuring accurate mapping to relevant compliance frameworks
• Partner with the Risk Management Lead to analyze and report on key risk metrics and trends, providing actionable insights for executive decision-making and strategic planning
• Shape the evolution of our risk management program, helping build and refine processes that scale with our growing organization
• Ensure the effectiveness of risk management controls through rigorous monitoring and documentation support for both internal and external audits

• Have 5-10 years of experience in governance, risk, and/or compliance roles, with a track record of adapting frameworks to evolving business needs
• Have navigated compliance challenges within high-growth organizations, particularly in heavily regulated environments
• Possess deep understanding of information security risks, controls, and threat models, with the ability to apply this knowledge to emerging technology challenges
• Bring hands-on experience with security frameworks such as SOC2, ISO 27001, FedRAMP, and HIPAA
• Excel at quantitative risk analysis and can adapt frameworks to novel use cases
• Can effectively translate complex security risks for diverse stakeholders, bridging technical details with business context to foster a risk-aware culture

• Hands-on experience with GRC platforms, project management tools, and service management systems, with a focus on scaling and automating risk processes
• Bring experience building or significantly improving risk management programs within high-growth technology organizations, particularly those dealing with emerging technologies
• Hold relevant certifications such as CRISC, ISC2 Risk Management, ISO 31000, or other information security risk credentials that demonstrate commitment to the craft

Why PlayStation? PlayStation isn’t just the Best Place to Play — it’s also the Best Place to Work. Today, we’re recognized as a global leader in entertainment producing The PlayStation family of products and services including PlayStation5, PlayStation4, PlayStationVR, PlayStationPlus, acclaimed PlayStation software titles from PlayStation Studios, and more. PlayStation also strives to create an inclusive environment that empowers employees and embraces diversity. We welcome and encourage everyone who has a passion and curiosity for innovation, technology, and play to explore our open positions and join our growing global team. The PlayStation brand falls under Sony Interactive Entertainment, a wholly-owned subsidiary of Sony Group Corporation. PlayStation is looking for an Information Security Analyst to join our team and operate the day-to-day Information Security, Risk and Compliance management processes. This is a mixture of processing requests from the business and driving internal security projects such as security audit and assessment. This role requires a sound understanding of technical and engineering terminology, outstanding ability to articulate risk across any security domains (technical and governance) with the demonstrable ability to work independently and process high volumes of security requests on a weekly basis. This role also provides ample opportunity to work across technical and game-related projects with studio and PlayStation engineering teams and therefore requires risk advisory and influencing experience. Based in San Diego, the candidate will be the key business relationship partner on behalf of Information Security and work on Information Security processes as well as strategic projects across PlayStation and the Studios group. This role will collaborate closely directly with business, technical and third party collaborators, as well as work multi-functionally with our other Information Security specialist teams across the globe to protect PlayStation’s intellectual property, data and infrastructure whilst delivering new and evolving games, services and hardware to the market. This is an opportunity to provide security directly to the global PlayStation business, our PlayStation Network and global Studios and their game development. What you’ll be doing: Review, triage, risk assess and process security requests from technical, engineering and business partners that require security input and approvals. Work independently to understand collaborator requirements and the security risk involved. Use security policy, process and information security expertise to advise collaborators on appropriate solutions that do not open PlayStation up to security risks. Review security requirements associated with third party engagement requests and determine what level of third party assurance is required. Initiate and support the third-party due diligence and assurance assessment processes and able to articulate and advise on associated risks to the business, contractual requirements and resulting recommendations. Articulate and communicate risk to relevant collaborators, whilst with technical teams, partners, and leadership teams to translate security risk into mitigation plans into action items. Negotiates, tracks and reports these remediation efforts within the PlayStation risk programme. Coordinates all aspects of information security and provides consulting services to business units and other partners. Works with business partners from across Playstation and Studios to identify and implement information security requirements related to projects and engagements. Monitors and reviews IT security controls to identify operational efficiency. Performing security audits related to critical systems and prioritized business scopes. Triage information security incidents, working with our 24/7 SOC teams, business partners and related third parties, as well as be responsible for reporting and raising where necessary. Works with GRC and other security tools to collect and maintain security and risk information. Maintains broad knowledge of industry trends in the field of information security and other technologies relevant to systems handled by the operations teams. Advances the InfoSec program via partnerships with shared services teams within information security. What we’re looking for: At least four years of related work experience within Information Security risk management or security audit, with a sound technical understanding of information technology, network or infrastructure management. Must be a self-starter, comfortable with processing security requests independently initiating discussion with collaborators to drill down on exact requirements and how it aligns to process and policy. Experience in business partner/collaborator management, across technical and non-technical partners. Used to working within critical metrics and SLAs to ensure efficient responses and smooth ticket management. Experience in Jira, Confluence and GRC tracking and assessment tools. Can independently perform information Security due diligence and audits, identifying gaps and require mitigations. Proven technical background in Information Security including work related to cloud infrastructure, SaaS applications, emerging technology. Ability to understand technical terminology to understand and assess security environment. Experience with third party due diligence and contract reviews. Excellent communicator, able to translate both technical and business requirements and terminology to the applicable audience. Desirable Knowledge and Skills: Familiarity with AWS (or similar) cloud security and infrastructure. Knowledge of and experience with SaaS and web infrastructure security Awareness of security risks associated with AI and other emerging technologies Microsoft Windows and Apple Mac OS hardening Policy administration Security standards such as SOX, ISO 27001, NIST, PCI Ability to handle parallel tasks and accurately detail resolutions Bachelor’s degree in Computer Science, Information Security, or related field or equivalent experience Please refer to our Candidate Privacy Notice for more information about how we process your personal information, and your data protection rights. At SIE, we consider several factors when setting each role’s base pay range, including the competitive benchmarking data for the market and geographic location. Please note that the base pay range may vary in line with our hybrid working policy and individual base pay will be determined based on job-related factors which may include knowledge, skills, experience, and location. In addition, this role is eligible for SIE’s top-tier benefits package that includes medical, dental, vision, matching 401(k), paid time off, wellness program and coveted employee discounts for Sony products. This role also may be eligible for a bonus package. Click here to learn more. The estimated base pay range for this role is listed below. $140,000—$210,000 USD Equal Opportunity Statement: Sony is an Equal Opportunity Employer. All persons will receive consideration for employment without regard to gender (including gender identity, gender expression and gender reassignment), race (including colour, nationality, ethnic or national origin), religion or belief, marital or civil partnership status, disability, age, sexual orientation, pregnancy, maternity or parental status, trade union membership or membership in any other legally protected category. We strive to create an inclusive environment, empower employees and embrace diversity. We encourage everyone to respond. PlayStation is a Fair Chance employer and qualified applicants with arrest and conviction records will be considered for employment. #J-18808-Ljbffr