Leads information security compliance activities regarding regulatory, agreement-based, and risk-based requirements. The position involves leading internal teams through compliance activities, including understanding requirements, recommending solutions and alternatives to remediate technical or procedural gaps, and conducting cybersecurity assessments. The role requires collaborating with administrative and technical teams to respond to security assessments from third parties, and applying recognized cybersecurity frameworks and standards (e.g., NIST SP 800-53, NIST SP 800-171, NIST Cybersecurity Framework, PCI, HIPAA, HITRUST) in risk assessments and audits. Documentation of findings, assessment processes, and recommended actions must be clear, concise, and actionable. The position also participates in information security and risk continuous process improvement initiatives and coordinates the development and maintenance of information security policies, standards, and procedures. Staying up to date on information security industry changes and trends is essential, as is participation in outside educational advancement.
Career Level: Mid Level
Education Level: Bachelor's degree
Number of Employees: 5,001-10,000 employees