Business Risk Analyst
Listed on 2026-07-10
-
IT/Tech
Cybersecurity, IT Business Analyst
Business Risk Analyst
Illumia is an industry leader in bringing the best integrated technology solutions to education, healthcare, and business campuses worldwide. Illumia was built on the collective expertise of two legacy cultures, and brings together people, technology, and insight to pioneer the art of the experience across the communities we serve. Be a part of this exciting organization and improving the lives of people doing mission-critical work.
We strive to provide the best customer experience in the industry and have succeeded with a single, strong motivating principle:
We serve our user community.
Our success and growth are directly attributed to our people. Our newly named company is dedicated to fostering a culture of integrity, respect, and continuous personal development. We maintain an entrepreneurial spirit, where creativity, innovative problem-solving, and learning agility drive our day-to-day actions.
We are seeking an experienced detail-oriented and proactive Business Risk Analyst to support the organization's information security compliance, GRC workflow, and risk management initiatives. This role will play a key part in maintaining adherence to regulatory frameworks, assisting with security control KPIs, coordinating audit activities, and managing risk issues and action plans. The ideal candidate will have experience performing risk assessments, developing and/or managing business continuity plans, working with external auditors and cybersecurity frameworks.
Work closely with IT, HR, Legal, Product, Cloud Services, and Engineering teams to align risk strategies with business objectives.
Key Responsibilities and Duties- Track compliance status, action items, and report progress via KPIs to management on a regular basis
- Prepare risk reports and dashboards for senior leadership and internal committees
- Assist with the development and maintenance of risk registers and track mitigation plans
- Support the execution of risk assessments and security control reviews across business units and IT environments
- Assist in compliance efforts of evidence collection and control testing projects with third-party auditors and internal assessments
- Maintain organized documentation for audit readiness and compliance tracking
- Coordinate with internal teams to gather responses to auditor inquiries and remediate identified gaps
- Assist and evaluate third-party vendor and partner workflows and document initial and ongoing third-party due diligence
- Help evaluate the effectiveness of technical and administrative security controls
- Assist with the development and maintenance of compliance-related policies, standards, and procedures
- Works independently with clear direction and flags issues early to maintain momentum.
Required Qualifications
- 5+ years of experience in information security, risk management, or compliance.
- Working knowledge of SOC 2, PCI DSS, HIPAA, GovRAMP, NIST CSF or similar frameworks.
- Prior experience managing process workflows within TPRM due diligence cycles and vendor/partner onboarding.
- Experience tracking and analyzing external audits, KPIs, and compliance evidence collection with attention to detail.
- Strong analytical, communication, and project management skills.
- Ability to communicate clearly with technical and non-technical stakeholders.
Preferred Qualifications
- Familiarity with Audit Board/Optro or similar GRC platforms and documentation tools is a plus.
The duties and responsibilities described in this job description are intended to represent the essential functions of the position as defined under applicable federal, state, and local labor laws, including the Americans with Disabilities Act (ADA). These functions are the fundamental job duties required for successful performance.
Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions unless such accommodations impose an undue hardship on the organization.
This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities. Duties may be added, removed, or modified at any time in accordance with business needs and applicable…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).