Risk and Controls Analyst


Information Technology


Boston, MA

Job Title: Risk and Controls Analyst
Department & Organization: IT
Level: Professional

Location: Boston, MA (preferred) or Remote-New England

Acquia is transforming the digital strategies of companies all over the world with our open cloud platform. We are passionate and relentlessly committed to helping our clients create digital experiences that are more relevant, personalized, and built for a fast-changing, always-connected, mobile-first world. Headquartered in the US, we have been named as one of North America’s fastest-growing software companies as reported by Deloitte and Inc. Magazine, and have been rated a leader by the analyst community and named one of the Best Places to Work by the Boston Business Journal. We are Acquia. We are building for the future of the web, and we want you to be a part of it.



Acquia’s global Information Security team is seeking a Risk & Controls Analyst. In this role you will be responsible for driving best practices across the organization to promote compliance with existing regulatory and audit processes, and for evaluating emerging standards and regulations to be integrated into the organization. This role reports to the Manager of Risk and Compliance.


  • This role will primarily be responsible for supporting regulatory/external audit activity, including but not limited to audit deliverable coordination, on-site audit coordination, and interim internal audit assurance activities. Audits include those from Payment Card Industry (PCI), Service Organization Controls Reporting (SOC), International Organization of Standardization (ISO), Federal Risk and Authorization Management Program (FedRAMP), and others.
  • This role requires collaboration with stakeholders at all levels of the organization; therefore, candidates should demonstrate skillful communication, flexibility, and conflict resolution skills.


Responsibilities include, but are not limited to:

  • Document, retain, report and clearly articulate audit-related information (i.e., scope, findings, recommendations, corrective action plans, and status)
  • Action multiple audits and collaborate across multiple business segments
  • Work with various internal groups to gather needed information for audits
  • Monitor changes in requirements to mitigate risks and achieve compliance
  • Conduct due diligence over prospective and existing third-party vendors
  • Analyze, understand and articulate regulatory and contractual requirements and apply identified requirements to business operations when supporting regulatory/external audits
  • Enhance day-to-day activities to scale operations
  • Facilitate contract negotiation for compliance-related language
  • Perform additional duties as requested or required by management


Key Skills and Attributes:

  • Undergraduate degree
  • 2+ years of experience working with compliance standards such as PCI, NIST, FedRAMP, SOC, ISO
  • Intermediate level of proficiency with MS Word, Excel and PowerPoint
  • 2+ years of experience in compliance, privacy and/or regulatory affairs or with supporting audits in a highly regulated industry
  • Respond positively to opportunities to be involved in brainstorming and iterative work. Handle times of change in a way that drives innovation and iteration.
  • Deliver on service commitments and established or agreed upon deadlines
  • Take on additional responsibilities and fill in gaps. Own deliverables and be accountable for results. Recognize when it's appropriate to jump in and own it, and when to provide support and collaboration.
  • Certification in risk, audit, privacy or other related areas (e.g. CISSP, CISA, etc.) a plus

Acquia is an equal opportunity (EEO) employer. We hire without regard to age, color, disability, gender (including gender identity), marital status, national origin, race, religion, sex, sexual orientation, veteran status, or any other status protected by applicable law.