Position:

Job Description:

Arrow Electronics is seeking a proactive and detail-oriented Mid-Level IT Risk Analyst to join our dynamic IT Risk team. The ideal candidate will have 3-5 years of experience in cybersecurity risk identification, assessment, and remediation, with a strong background in various compliance frameworks and proven experience in independently managing audits. The Arrow IT Risk team provides a heavy amount of IT compliance guidance to the business from an advisory perspective. The ideal candidate would have worked with and been directly involved with business leaders to help enable and wrap compliance and certifications around respective business processes (sales, new business development, emerging markets).

This is a remote position, but candidates must be located in the Atlanta metro.

What You'll Be Doing:

• Conduct comprehensive risk assessments of IT systems, applications, and business processes

• This is a strategic risk and governance role focused on planning and understanding frameworks, not a technical position.

• Maintain and contribute to risk management frameworks and methodologies

• Ensure compliance with relevant industry standards and regulations

• Identify, document, and manage risks in the risk register

• Collaborate with IT and business teams to implement risk mitigation strategies

• Monitor, assess, and report on the effectiveness of risk management controls

• Independently manage and successfully complete multiple audits as the auditee, from preparation to closure

• Assist in reviewing security incidents and their potential impact on business operation

• Monitor vulnerabilities and assist IT teams with tracking vulnerability management remediation

What We Are Looking For:

• Education: Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field. Master's degree is a plus.

• Experience: 3-5 years in IT risk management/governance or information security with a heavy focus IT compliance.

• Heavy exposure to business processes, providing IT compliance advisory services to the business.

• Proven track record in IT risk assessments and mitigation actions.

• Demonstrated ability to independently manage multiple IT audits end-to-end as the auditee.

• Technical Knowledge: Strong understanding of IT governance frameworks (e.g., COBIT, ITIL) and risk assessment methodologies (e.g., FAIR, OCTAVE, NIST RMF).

• Compliance Expertise: Must have experience with multiple compliance frameworks, including ISO 27001 and CMMC. Familiarity with GDPR, HIPAA, PCI DSS, TISAX, DFARS-252.204-2017, FedRAMP and SOX is highly desirable.

• Tools and Technologies: Proficiency in risk management and GRC (Governance, Risk, and Compliance) platforms.

• Business Acumen: Understanding of business processes and their intersection with IT systems.

• IT Audit or Project Management experience is a plus!

Key Competencies

• Excellent communication and presentation skills, including the ability to explain complex technical concepts to non-technical stakeholders.

• Proven ability to manage and successfully complete audits independently, demonstrating strong organizational and documentation skills.

• Strong analytical and critical thinking abilities.

• Adaptability to keep up with evolving compliance & regulatory changes, security threats, and technologies.

• Collaboration skills and ability to work in cross-functional teams.

• Effective time management, especially during busy ISO and other audit cycles.

• Strong ethical behavior and commitment to maintaining confidentiality.

• Experience working with publicly traded companies and/or firms under multiple certifications is highly valued.

Preferred Qualifications

• The ideal candidate is one that has worked in lockstep with various business units from an IT Risk advisory perspective.

• Candidates that have been auditees and handled end to end ISO 27001 audits from inception to closure.

• Relevant certifications (e.g., CRISC, CISM, CISSP, CISA, RMP)

• Experience with cloud security compliance and emerging technologies

• Knowledge of IoT and AI/ML security implications

Work Arrangement: Remote 5 days a week - but must be located in the Alpharetta area to travel to the Alpharetta office as requested by Arrow leadership.

What’s In It For You:

At Arrow, we recognize that financial rewards and great benefits are important aspects of an ideal job. That’s why we offer competitive financial compensation, including various compensation plans, and a solid benefits package.

• Remote work!

• Medical, Dental, Vision Insurance

• 401k, With Matching Contributions

• Paid Time Off (including sick, holiday, vacation, etc.)

• Health Savings Account (HSA)/Health Reimbursement Account (HRA) Options

• Growth Opportunities

• Short-Term/Long-Term Disability Insurance

• And more!

Arrow will not sponsor applicants for work visas for this role.

Actual compensation offer to candidate may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level. The pay ratio between base pay and target incentive (if applicable) will be finalized at offer.

Location:

Time Type:

Job Category:

EEO Statement:

Arrow is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, gender, age, sexual orientation, gender identity, national origin, veteran or disability status. (Arrow EEO/AAP policy)

We anticipate this requisition will be open for a minimum of five days, though it may be open for a longer period of time. We encourage your prompt application.

In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.