APCO Holdings partners with dealerships across North America to deliver innovative vehicle protection products and services that enhance the ownership experience for customers and drive growth for our partners. Through our family of brands, we bring together industry expertise, technology, and data-driven insights to help dealers strengthen their finance and insurance performance and build lasting relationships with their customers.
Our teams work collaboratively across operations, technology, risk, finance, marketing, and sales to deliver solutions that create measurable value and support the continued growth of APCO and the partners we serve.
We are looking for a Senior Security Risk & Compliance Analyst to support and strengthen APCO’s security governance, risk, and compliance (GRC) initiatives. In this role, you will help drive compliance efforts, assess security controls, identify risks, and support the organization’s ongoing commitment to maintaining a strong security posture and regulatory compliance.
### What You'll Do
Security Compliance & Governance
Collaborate across departments to ensure alignment with security compliance frameworks and regulatory requirements (SOC 2, NYCRR, FTC Safeguards Rule, etc.)
Conduct security control mapping and compliance reconciliation activities
Support the development, implementation, and maintenance of security policies, standards, and procedures
Monitor and assess the effectiveness of security controls and compliance initiatives
Risk Assessment & Mitigation
Identify, assess, and prioritize security risks across systems, processes, and operations
Partner with stakeholders to develop remediation plans and mitigation strategies
Provide recommendations on security best practices and control implementations
Conduct regular security audits and compliance assessments
Reporting & Documentation
Maintain documentation related to audits, risk assessments, remediation efforts, and compliance activities
Prepare reports and dashboards on compliance status, risks, KPIs, and trends for leadership
Track remediation efforts and support continuous improvement initiatives
Security Awareness & Collaboration
Support development and delivery of security awareness and training programs
Promote a culture of security awareness and accountability across the organization
Stay current on emerging threats, technologies, and evolving regulatory requirements
### What Makes You Successful
You’ll be successful in this role if you’re highly analytical, detail-oriented, and passionate about security governance and compliance. You’re comfortable evaluating risks, identifying gaps, and collaborating across teams to strengthen security controls and processes.
You’re also a strong communicator who can translate complex compliance and security concepts into actionable guidance for both technical and non-technical stakeholders. You thrive in fast-paced environments and enjoy balancing strategic thinking with hands-on execution.
### Basic Qualifications
Bachelor’s degree in Information Security, Information Technology, or a related field
8+ years of experience in IT security or related fields
5+ years of experience in risk management and regulatory compliance
5+ years of experience supporting or leading SOC 2 compliance efforts
Strong understanding of security frameworks, controls, and regulatory requirements
### Preferred Qualifications
Professional certifications such as CISSP, CISM, or CISA
Experience with compliance frameworks and regulations such as SOC 2, NYCRR, and FTC Safeguards Rule
Experience conducting audits, risk assessments, and remediation tracking
Experience working in regulated industries such as insurance or financial services
### This Role Might Be a Great Fit If You…
Enjoy identifying risks and improving security processes
Thrive in cross-functional, collaborative environments
Like balancing technical security concepts with governance and compliance
Are motivated by protecting systems, data, and organizational integrity
### What We Offer
Competitive compensation
Comprehensive medical, dental, and vision benefits
401(k) with company match
Paid time off and company holidays
Opportunities for professional growth and certification support
A collaborative and security-focused work environment
At APCO, the way we work matters just as much as the results we deliver. Our values guide how we work, how we partner, and how we deliver results.
We C.A.R.E.
Committed – We build strong, high-trust relationships with our partners and each other.
Accountable – We take ownership of outcomes and hold ourselves to the highest standards of performance and integrity.
Results-Driven – We focus on delivering measurable outcomes that create value for our partners and our business.
Excellent – We strive for excellence in everything we do while balancing short-term performance with long-term success.
If you're excited about joining a team that values collaboration, accountability, and continuous improvement, we'd love to hear from you.
By submitting your application, you acknowledge that you have read and understand our Privacy Policy and Terms & Conditions. APCO Holdings may collect personal information (such as name, contact details, and employment history) to evaluate your candidacy. We may share this data with our subsidiaries, affiliates, and service providers. We retain applicant data only as long as necessary for the hiring process or as required by law. 