IT Compliance Analyst

About The Position

Requirements

• Bachelor’s degree in related field or equivalent education/experience.
• Understanding of IT systems, applications, networks and databases.
• Knowledge of SOX and Operational Controls.
• 2 + years of experience in working on a IT compliance program and/or information security program for level 2. More advanced experience required for level 3 including managing more complex tasks, broader responsibilities, and increased autonomy in decision-making or leading initiatives.
• Familiarity with SOX, NIST, ISO 27001, or similar regulatory frameworks.
• Experience with third-party risk management tools and processes.
• Analytical, communication, and organizational skills.
• Ability to work independently and collaboratively in a fast-paced environment.
• Understanding of assessing and designing internal and security controls.
• Experience in developing and submitting audit and compliance reports to governing.
• Understanding of cloud security and modern IT environments.

Nice To Haves

• Experience in planning, organizing, and developing information technology policies, procedures, and practices.
• Ability to propose creative solutions to successfully remediate identified compliance issues.
• Certifications in one or more of the following areas preferred: CISA, CRISC, CISSP, and CISM.

Responsibilities

• Ensure company complies with all local, state and federal requirements.
• Performing and coordinating the testing of key controls, documenting findings, and ensuring controls are effectively designed and operating as intended.
• Collaborate with internal and external auditors to facilitate walkthroughs, evidence collection, and remediation tracking.
• Assist in the development and maintenance of IT compliance policies, procedures, and control frameworks.
• Monitor and report on control deficiencies, remediation plans, and risk mitigation strategies.
• Conduct security risk assessments of third-party vendors, including review of SOC reports, security questionnaires, and contractual obligations.
• Evaluate vendor responses and identify potential risks or gaps in security controls.
• Work with business units and procurement to ensure vendors meet security and compliance standards.
• Maintain a centralized repository of vendor assessments and risk ratings.

Benefits

• Rich health insurance benefits with competitive employer contribution
• Free access to an online wellness resources platform
• Up to 23 Vacation Days
• 80 Hours of Sick Time
• 10 paid holidays and 3 floating holidays
• Flexible work arrangements
• 3 weeks paid parental leave
• Green Team / Diversity, Equity & Inclusion Council / Safety Team / Women’s Network and many other Employee Resource Groups
• 1500 sq foot exercise facility and secure bike room
• Meaningful annual incentive bonus opportunity in addition to base salary
• Competitive 401K company contribution and match
• 15% discount on NW Natural stock through Employee Stock Purchase Program
• Up to $5250 a year in tuition reimbursement
• Wellness incentive program
• 20% off natural gas service
• Up to 30% discount at NW Natural Appliance Center
• TriMet Pass for all HQ employees
• Generous discounts with Verizon & AT&T Wireless