Laserfiche is hiring for a Senior Risk and Compliance Analyst to support Laserfiche’s Governance, Risk and Compliance (GRC) programs through hands-on execution of internal audits, control assessments and continuous monitoring activities. This role works closely with internal stakeholders, external auditors, third-party assessment organizations (3PAOs) and the GovRAMP Program Management Office (PMO) to support compliance with applicable regulatory frameworks and customer requirements.
This is an individual contributor role with a strong focus on audit execution, documentation, evidence validation and reporting. The Senior Risk and Compliance Analyst also performs technical validation of cloud security controls using the AWS Management Console, supports customer assurance requests and maintains compliance artifacts while partnering with ITS, Development, Legal and other teams.
Location:
Hybrid: Three days per week (Tuesday, Wednesday and Thursday) in-office in Long Beach, CA
Remote work from home on Mondays and Fridays
Periodic travel, including occasional weekends, may be required for international site audits.
About the Role - Key Responsibilities:
Compliance Assessments and GovRAMP Reporting
Perform internal audits, IT general computer controls testing, application security assessments and ongoing risk assessments.
Update risk registers and track findings, corrective action plans and remediation activities.
Support ongoing risk reporting and metrics tracking for internal stakeholders and executive leadership.
Ensure evidence is accurate, current and audit-ready.
Coordinate and manage external audits and assessments, including evidence requests, with auditors, 3PAOs, GovRAMP PMO, FedRAMP PMO and security firms.
Prepare and submit continuous monitoring reports and supporting artifacts to GovRAMP.
Safeguard Laserfiche information in accordance with Laserfiche Information Security Policies.
Cloud Security and AWS Evidence Validation
Perform technical validation of security controls using the AWS Management Console.
Review and collect evidence related to AWS services, configurations and security controls, including IAM, logging, encryption and monitoring.
Partner with ITS and Development to validate cloud control implementation and operating effectiveness.
Support corporate and cloud security documentation and evidence mapping to NIST 800-53, ISO 27001, SOC 2, CIS controls and other applicable control frameworks and standards.
Identify control gaps or inconsistencies and escalate findings through established GRC processes.
Controls, Privacy and Documentation
Document, test and monitor IT, application and data privacy controls as part of an ongoing GRC program.
Maintain control matrices, control narratives and framework mappings.
Collaborate with department stakeholders and Legal to perform privacy impact assessments (PIAs) and data protection impact assessments (DPIAs).
Support data mapping, data inventories and data privacy compliance documentation.
Update policies, procedures and standards under the direction of GRC leadership.
Vendor Risk Management and BC/DR
Perform vendor risk management assessments for third-party service providers.
Track vendor remediation activities and risk treatment plans.
Update business impact analyses (BIAs) and business continuity plans (BCPs).
Coordinate with ITS and Development on disaster recovery plan updates and testing.
Customer Assurance and Sales Enablement
Respond to customer security questionnaires, RFPs and security and AI due diligence requests.
Maintain and update standard assurance artifacts such as HECVAT, CAIQ and similar documents for customer distribution.
Partner with Sales, Legal and ITS to ensure responses are accurate, consistent and approved.
Monitor customer contractual security and compliance requirements and flag risks or gaps.
Bachelor’s degree in information systems, IT audit, cybersecurity or a related degree program is required.
Three to seven years of experience in IT audit, GRC, cloud security compliance or related roles.
Relevant certifications such as CISA, CRISC, CISM or AWS are required.
Hands-on experience supporting IT audits, compliance assessments or GRC programs.
Experience with industry regulations (e.g., HIPAA, GDPR, CCPA), GovRAMP, FedRAMP, CMMC and leading frameworks such as AICPA Trust Services Criteria, NIST 800-53 and ISO 27001.
Practical experience navigating the AWS Management Console for security and compliance evidence collection and understanding key AWS security concepts.
Strong technical skills in auditing, controls and cybersecurity; Big Four experience a plus.
Excellent communication, presentation and negotiation skills, with the ability to influence internal and external stakeholders and write policies and controls documentation.
Exceptional organizational and program management skills with keen attention to detail.