Compliance & Risk Analyst

Who We Are: Transact Campus

Transact Campus and CBORD have united as industry leaders, providing integrated technology solutions that power housing, access, foodservice, nutrition, eCommerce, card systems, and innovative payment, mobile credential, and commerce solutions. Our technology supports K-12, higher education, healthcare, senior living, and business campuses, creating connected experiences that simplify operations and enhance lives. With a mobile-centric ecosystem and partnerships with over 1,750 institutions, we are dedicated to improving campus life across all aspects.

Job Overview: Compliance & Risk Analyst

We are searching for a detail-oriented and proactive Compliance & Risk Analyst to support Transact Campus's security compliance and risk management initiatives. This role is crucial for maintaining adherence to regulatory frameworks, assisting with security control reviews, coordinating audit activities, and managing risk assessments. The ideal candidate will have experience performing risk assessments, developing/managing business continuity plans, and working with external auditors and frameworks such as SOC 2, PCI DSS, HIPAA, StateRAMP, or FedRAMP.

Key Responsibilities

• Support the execution of risk assessments and security control reviews across business units and IT environments.
• Assist in evidence collection and control testing for third-party audits and internal assessments.
• Maintain organized documentation for audit readiness and compliance tracking.
• Coordinate with internal teams to gather responses to auditor inquiries and remediate identified gaps.
• Track compliance status, action items, and report progress to management regularly.
• Help evaluate the effectiveness of technical and administrative security controls.
• Contribute to the development and maintenance of compliance-related policies, standards, and procedures.
• Stay informed of changes to relevant regulatory and industry frameworks.
• Work independently with clear direction, flagging issues early to maintain momentum.

Qualifications

• Bachelor's degree in computer science or 1-2 years of related experience in Networking, Cybersecurity or IT Infrastructure Industry preferred.
• Proficiency in Security Information Event Management (SIEM).
• Proven propensity to learn new technologies and skills quickly.
• Thrives in a collaborative team environment.
• Demonstrates analytical problem-solving skills.
• Excellent written and verbal communication skills.

Preferred Requirements

• 2+ years of experience in information security, risk management, or compliance.
• Working knowledge of SOC 2, PCI DSS, HIPAA, StateRAMP, or similar frameworks.
• Experience supporting external audits and compliance evidence collection.
• Strong organizational skills and attention to detail.
• Ability to communicate clearly with technical and non-technical stakeholders.
• Familiarity with AuditBoard or similar GRC platforms and documentation tools is a plus.

Benefits and Future Planning

• Employer-paid Life Insurance / AD&D / Short-Term Disability.
• Voluntary Long-Term Disability Insurance / Term Life Insurance / AD&D.
• Access to FSA Plans & Commuter Benefit Plans.
• 401(k) Savings Plan with a Company Match of $0.50 for each $1 contributed on the first 8% of pay (immediately 100% vested).
• Access to the Roper Employee Stock Purchase Plan.
• Paid Parental Leave Program.

Important Notes

Base salary offers for this position may vary based on factors such as location, skills, and relevant experience. Some positions may include additional compensation in the form of bonus, equity, or commissions.

Transact + CBORD is an equal employment opportunity employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, national origin, marital status, disability, sexual orientation, protected military/veteran status, or any other protected factor.

As of August 20, 2024, Transact and CBORD have merged to drive innovation and operational excellence across education, healthcare, and corporate markets.

This position will be responsible for the handling of PHI (personal health information) and/or other types of SPI (sensitive personal information) and will be expected to comply with all applicable laws and internal policies with regards to handling of PHI/SPI.

Key skills/competency

• Risk Assessment
• Security Compliance
• Audit Coordination
• Regulatory Frameworks
• Policy Development
• Evidence Collection
• Gap Remediation
• Control Testing
• Information Security
• Data Privacy