IT Security Compliance Analyst

Summary:

As a Compliance Analyst, you will play a crucial role in strengthening our compliance posture, working closely with various stakeholders to ensure our operations meet the highest standards of security and regulatory adherence.

Key Responsibilities:


* Policy Documentation: Develop, review, and update IT security and compliance policies, standards, and procedures to ensure they are current, comprehensive, and align with industry best practices and regulatory requirements.


* Audit Support: Coordinate and facilitate internal and external audit requests, gathering necessary documentation, evidence, and providing support during audit examinations.

Assist in tracking and monitoring audit findings to ensure timely remediation.


* Third-Party Risk Management: Manage the lifecycle of third-party security and compliance questionnaires, including distribution, collection, and meticulous logging of responses.

Analyze questionnaire data to identify potential risks and support due diligence processes.


* Compliance Reporting: Assist in the preparation of compliance reports and dashboards for management, highlighting key metrics, compliance posture, and areas for improvement.


* Training & Awareness: Contribute to the development and delivery of compliance training and awareness programs for employees to foster a culture of security and compliance.


* Risk Assessment Support: Participate in IT risk assessments, helping to identify, assess, and mitigate compliance-related risks.


* Continuous Improvement: Stay abreast of evolving regulatory landscapes, industry standards, and emerging threats to proactively recommend and implement compliance enhancements.


* Collaboration: Work collaboratively with IT operations, legal, internal audit, and other business units to ensure seamless integration of compliance requirements.


* Ad-Hoc Duties: Perform other duties as assigned that align with the overall goals and objectives of the IT Security and Compliance team.

Qualifications:


* Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Business, or a related field.


* 2+ years of experience in an IT compliance, audit, or security role.


* Solid understanding of common IT compliance frameworks (e.g., NIST, ISO 27001, SOC 2, HIPAA, PCI DSS, CIS18).


* Proven experience in developing and documenting policies, procedures, and standards.


* Strong analytical and problem-solving skills with meticulous attention to detail.


* Excellent written and verbal communication skills, with the ability to articulate complex compliance concepts clearly and concisely.


* Ability to work independently and as part of a team in a fast-paced environment.


* Proficiency with Microsoft Office Suite (Word, Excel, PowerPoint).

Preferred Qualifications:


* Relevant certifications such as CISA, CISM, CompTIA Security+, or similar.


* Experience with GRC (Governance, Risk, and Complian...