IT Audit & Compliance Analyst

RevSpring, Phoenix, AZ

About The Position

The IT Audit & Compliance Analyst is responsible for driving audit execution and regulatory compliance efforts across the organization, with primary accountability for HITRUST, PCI DSS, and SOC 2 frameworks. This role serves as the operational liaison between regulatory standards and internal business/technical teams, ensuring requirements are accurately interpreted, implemented, documented, and successfully validated during external assessments. The ideal candidate has hands-on experience translating complex compliance standards into actionable requirements, coordinating enterprise-wide evidence collection, and confidently presenting documentation to external auditors.

Requirements

  • Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, Accounting, or related field.
  • 3+ years of experience in IT audit, compliance, or GRC functions.
  • Direct experience supporting or leading:
      • HITRUST CSF certification
      • PCI DSS compliance initiatives
      • SOC 2 Type I and Type II audits
  • Demonstrated experience interpreting regulatory frameworks and translating them into internal compliance requirements.
  • Experience coordinating multi-departmental evidence collection efforts.
  • Experience presenting documentation and responding directly to external auditors.
  • Strong documentation, organizational, and stakeholder management skills.

Nice To Haves

  • Professional certifications such as: CISA, CRISC, CISSP, PCI ISA, or HITRUST CCSFP.
  • Experience with compliance automation or GRC platforms (e.g., Archer, ServiceNow GRC, Vanta, Drata).
  • Familiarity with cloud environments (AWS, Azure, GCP) and cloud security controls.
  • Understanding of HIPAA, NIST CSF, ISO 27001, or other regulatory frameworks.

Responsibilities

  • Interpret and operationalize requirements from HITRUST CSF, PCI DSS, and SOC 2 standards.
  • Analyze regulatory language and translate it into clear, implementable control requirements for IT, Security, Engineering, Infrastructure, HR, and Business Operations teams.
  • Identify applicability of specific requirements based on system architecture, data flows, and business processes.
  • Document compliance narratives that clearly articulate how organizational processes satisfy regulatory criteria.
  • Maintain traceability between regulatory requirements and implemented controls.
  • Lead end-to-end audit readiness activities for HITRUST certification, PCI DSS assessments (SAQ or ROC), and SOC 2 Type I/II examinations.
  • Develop and manage structured evidence request lists across departments.
  • Partner with system owners, application teams, infrastructure teams, and business stakeholders to collect accurate, complete, and audit-ready documentation.
  • Validate evidence for completeness, accuracy, and alignment with auditor expectations prior to submission.
  • Maintain organized audit repositories and version-controlled documentation.
  • Serve as the primary point of contact between auditors and internal departments.
  • Conduct preparatory sessions with stakeholders to ensure clarity on audit expectations.
  • Guide teams in producing defensible documentation and system artifacts.
  • Resolve gaps or ambiguities in evidence through structured follow-up and remediation tracking.
  • Foster accountability for compliance obligations across the enterprise.
  • Present policies, procedures, and technical evidence directly to external auditors.
  • Provide structured walkthroughs of systems, processes, and compliance narratives.
  • Respond to auditor inquiries with clear, technically accurate explanations.
  • Defend evidence positions using regulatory language and documented standards.
  • Manage follow-up requests and supplemental documentation throughout the audit lifecycle.
© 2024 Teal Labs, Inc