Trinity Church Wall Street

IT Risk & Compliance Analyst

Trinity Church Wall Street$126K — $157K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, Information Systems, or related field.
  • 3-5 years of experience in IT risk management, information security, or IT audit.
  • Strong understanding of IT risk frameworks like PCI DSS, NIST, and ISO 27001.
  • Knowledge of disaster recovery planning and operational resilience practices.
  • Excellent communication skills with both technical and non-technical stakeholders.

Responsibilities

  • Develop and coordinate vendor risk management frameworks and processes.
  • Compile metrics reporting threats and risks to leadership.
  • Research emerging cyber threats to identify network incidents.
  • Facilitate assessments of third-party risks and ensure security compliance.
  • Coordinate security awareness and role-based training programs.

Benefits

  • Flexible hybrid work environment.
  • Opportunities for professional development and certifications.
  • Supportive culture promoting continuous improvement in security practices.
  • Engagement with various stakeholders across the organization.
Full Job Description
Position Summary:

The IT Risk & Compliance Analyst plays a critical role in safeguarding Trinity's technology environment by managing cybersecurity risk, regulatory compliance, and business continuity programs. In addition to ensuring compliance with standards such as PCI DSS and overseeing disaster recovery planning, this role monitors Trinity's IT environment for emerging cyber threats and coordinates incident response efforts.

As a hybrid security and compliance role, the Analyst supports the development and enforcement of security policies, manages security assessments and remediation, and maintains documentation for internal governance and external audits. The role also provides hands-on technical oversight of log reviews, vulnerability scans, and threat monitoring activities. By promoting a security-aware culture and enabling continuous improvement, the IT Risk & Compliance Analyst strengthens the organization's resilience and readiness in the face of evolving threats.

The annual salary range for this position is $126,100 to $157,900.

Essential Duties and Responsibilities:

Governance

  • Develop and coordinates vendor risk management frameworks, policies and processes within a broader enterprise, operational and IT risk management model.
  • Compile metrics for reporting threats, risks, and success of operating controls to leadership.
  • Coordinate creation, approval, maintenance and updating of security policies.
  • Coordinate periodic access reviews.


Risk Management

  • Develop and maintain a methodology to identify and prioritize internal and external threats, quantify the risk to the organization, and recommend methods to mitigate or remediate risk. Work with risk owners to develop appropriate risk response plans; monitor plans to closure.
  • Develop and maintain a risk register. Coordinate periodic management reviews and manage exception requests.
  • Research emerging threats and vulnerabilities to aid in the identification of network incidents.


Third-Party Risk Management

  • Coordinate management of vendor, supplier and other third-party risk.
  • Facilitate assessments of new and existing third-parties. Evaluate statements of work from partners to ensure that adequate security protections are in place. Assess provider documentation (e.g., security assessment questionnaire responses, SOC 1 or SOC 2 audit reports, or other sources).
  • As risks are identified, report risks to management and vendor management teams; work with third-parties to develop appropriate risk response plans; and monitor plans to closure.


Security Awareness and Training

  • Coordinate, maintain and continuously improve security awareness and role-based security training programs, to mitigate human risks.
  • Educate stakeholders on cybersecurity-related matters to increase awareness and improve culture.
  • Create and coordinate plans for role-based security training.


Audit and Compliance

  • Work with Legal to maintain an understanding of internal and external regulatory compliance requirements.
  • Assist in responding to findings from external audits, penetration tests and vulnerability assessments.
  • Conduct security control gap assessments of internal systems, third-party and internally-developed applications, and IT infrastructure. Work with technical teams as they develop remediation plans and track approved plans to completion.


Security Monitoring and Incident Response

  • Serve as the designated backup Incident Manager when the primary manager is unavailable. Lead the end to end response to security incidents, coordinating with external partners as needed (such as cyber insurance carriers, digital forensics teams, and root cause analysis specialists). When activated, initiate and direct the security incident response process and exercise decision making authority within the scope of the role to ensure timely and effective resolution.


Required Knowledge, Skills, and Activities:

  • Strong understanding of IT risk frameworks, compliance requirements, and security standards (e.g., PCI DSS, NIST, ISO 27001).
  • Experience supporting internal audits, managing risk registers, and working with external compliance assessors.
  • Excellent communication and interpersonal skills with both technical and non-technical stakeholders.
  • Highly organized with attention to detail, especially in documenting controls and producing reports.
  • Knowledge of disaster recovery planning and operational resilience practices.
  • Strong communications and interpersonal skills with a customer-service orientation, including listening, written, and verbal communication
  • Strong informal or formal project management skills with a proven history of getting projects done and meeting project goals utilizing teams
  • Familiarity with threat detection platforms, endpoint security, vulnerability scanning tools, and log analysis.
  • Ability to conduct root cause analysis and support containment, eradication, and recovery efforts.
  • Strong ability to effectively prioritize work
  • Must be able to work independently
  • Distinctive blend of business, IT, financial and communication skills, because this is a highly visible position with substantial impact
  • Knowledge of project management methodology and experience or familiarity with major, defined program management approaches.
  • Knowledge of project planning/scheduling tools, with a solid track record of practical application.
  • Effective influencing and negotiating skills in an environment in which this role may not directly control resources
  • Strong knowledge and understanding of business needs, with the ability to establish and maintain a high level of customer trust and confidence
  • Ability to communicate ideas in both technical and user-friendly language.
  • Good analytical and problem-solving abilities.
  • Highly self-motivated and directed.
  • Experience working in a team-oriented, collaborative environment.
  • Additional working hours as required


Required and Preferred Education, Experience, and Credentials:

Required

Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:

  • Bachelor's degree in Cybersecurity, Information Systems, or a related field, or equivalent experience.
  • Minimum 3-5 years of experience in IT risk management, information security, cybersecurity operations, or IT audit.
  • Experience supporting disaster recovery planning and regulatory compliance efforts.


Preferred

  • Background in security architecture is a plus.
  • Preferred certifications: CISA, CRISC, CISSP, or equivalent.

About Trinity Church Wall Street

Trinity Church Wall Street is a historic Episcopal parish that has been a part of New York City's history for more than 300 years. The church is located in Lower Manhattan and is known for its rich history, stunning architecture, and vibrant community. Trinity Church Wall Street is committed to serving the community through a variety of programs and initiatives, including social justice advocacy, arts and culture, and education.
Learn more about Trinity Church Wall Street
Size
500 employees
Industry

Similar Jobs

More Jobs at Trinity Church Wall Street

More Information Technology Jobs

Find similar IT Risk & Compliance Analyst jobs: