IT Risk and Compliance Analyst

SOLARITY, Des Peres, MO

About The Position

The IT Risk and Compliance Analyst will support EDCO’s overall risk management and compliance efforts, with a primary focus on HITRUST and SOC 2 audit initiatives and maintaining these certifications. Operating in a healthcare SaaS environment as a HIPAA Business Associate, this role leads audit readiness and evidence collection efforts, drives remediation of findings, and translates compliance requirements into actionable security controls. The Analyst will ensure continuous compliance with HITRUST CSF, SOC 2 Type 2, and HIPAA standards, helping to protect confidential data and maintain client trust.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or equivalent experience.
  • 2 to 4 years of experience in IT Compliance, Audit, Risk Management, or related fields.
  • Demonstrated experience with HITRUST and SOC 2 audits, including evidence collection, remediation, and certification maintenance.
  • Strong knowledge of HITRUST CSF, SOC 2 (SSAE 18), HIPAA, and familiarity with NIST, CIS and ISO 27001 frameworks.
  • Experience conducting technical risk assessments and recommending mitigation strategies.
  • Proven experience implementing and managing security and compliance technologies and frameworks, including Data Loss Prevention (DLP), Privileged Access Management (PAM), Identity and Access Management (IAM), Role-Based Access Control (RBAC), and Governance, Risk, and Compliance (GRC) processes.
  • Strong collaboration skills with executives, technical SMEs, and auditors.
  • Proficiency in evaluating and documenting IT processes, controls, and audit evidence.
  • Strong project management, organizational, and communication skills.
  • Technical aptitude to understand IT systems, security tools, and evidence generation processes.
  • Fluency in English required.

Nice To Haves

  • Preferred Certifications: CISA, CRISC, CCSFP (or ability to obtain within 1 year).
  • Experience in healthcare or other highly regulated industries, particularly in HIPAA Business Associate environments.

Responsibilities

  • Participate in all phases of HITRUST and SOC 2 audits, including readiness assessments, evidence collection, remediation tracking, and certification maintenance.
  • Translate audit and compliance requirements into technical controls and identify appropriate tools and evidence sources.
  • Conduct technical risk assessments and control testing to evaluate compliance with internal policies and external standards.
  • Coordinate internal and external audits with IT process owners and stakeholders, ensuring timely and accurate responses to auditor requests.
  • Monitor the risk and control environment for emerging threats and evolving compliance requirements; recommend and implement control enhancements.
  • Identify and implement process improvements to mature IT compliance practices, including automation and optimization opportunities.
  • Educate and train control and process owners on compliance responsibilities and foster a culture of security and accountability.
  • Guide departments in implementing and maintaining security controls aligned with HITRUST, SOC 2, and HIPAA.
  • Support third-party risk management and business continuity planning activities.
  • Maintain and update policies, standards, and guidelines to reflect current compliance requirements.
  • Provide support for vulnerability management, incident management, and incident response as needed.
  • Comply with Solarity’s policies, procedures and guidelines.
  • May be required to perform other related Information Security duties as assigned.
© 2024 Teal Labs, Inc