Security Policy & Compliance Analyst

Ziply Fiber · Everett, WA
22d · $80,768 - $103,084

About The Position

The Security Policy & Compliance Analyst plays a key role in maintaining Ziply’s information security posture. The analyst is responsible for managing the review, publication, and enforcement of internal security policies and procedures. The analyst supports cross-functional teams in aligning with regulatory security frameworks such as NIST, SOC 2, SOX, and PCI-DSS, and helps maintain documentation that demonstrates compliance and due diligence.

Requirements

  • Bachelor of Science (BS) in Computer Science, Information Technology, Risk Management, Legal Studies, Business, or a related field.
  • Minimum of two (2) years in a policy, audit, or compliance analyst role.
  • Strong understanding of risk frameworks such as:
      o National Institute of Standards and Technology Cybersecurity Framework (NIST CSF).
      o NIST Special Publication 800-171.
      o International Organization for Standardization ISO 27001.
      o Service Organization Control 2 (SOC 2).
      o Sarbanes-Oxley Act (SOX).
  • Direct experience managing regulatory requirements such as:
      o Payment Card Industry Data Security Standard (PCI-DSS).
      o NIST guidelines.
  • Experience contributing to cross-functional compliance projects or initiatives.
  • Familiarity with Governance, Risk, and Compliance (GRC) platforms or compliance tracking systems.
  • Familiarity with legal hold processes, third-party risk management, and incident response documentation.
  • Familiarity with business continuity and incident response concepts and procedures.
  • Excellent verbal and written communication skills with strong attention to detail, organizational ability, and proficiency in documentation, including presenting to executives and auditors.
  • Ability to work independently and apply sound judgment and reasoning skills to a variety of situations.
  • Strong organizational and analytical skills.
  • Ability to interpret and apply regulatory requirements.
  • Demonstrated integrity and professionalism in handling sensitive documentation.
  • Applicants must be currently authorized to work in the US for any employer. Sponsorship is not available for this position.

Nice To Haves

  • Industry certifications such as:
      o Certified Information Systems Auditor (CISA).
      o Certified in Risk and Information Systems Control (CRISC).
      o Certified Information Systems Security Professional (CISSP).
      o Or equivalent certifications.

Responsibilities

  • Administer the policy lifecycle, including drafting, coordinating reviews, publishing, and updating security policies.
  • Collaborate with Legal, IT, and Security to ensure policies align with business and regulatory requirements.
  • Maintain centralized documentation for audits, assessments, and regulatory reviews.
  • Assist in preparing and organizing policy and evidence documentation for internal and third-party audits.
  • Monitor regulatory developments and assist in aligning internal practices accordingly.
  • Assist in monitoring organizational adherence to internal policies and procedures.
  • Track and report on compliance and policy enforcement metrics.
  • Arrange, conduct, and monitor compliance testing, audits, and investigations.
  • Provide ongoing monitoring of compliance information systems and processes.
  • Inform supervisor of any compliance violations.
  • Review internal systems, controls, and processes and identify ways to resolve regulatory gaps and deficiencies.
  • Assist with the implementation of new and updated compliance systems, standards, processes, procedures, and policies.
  • Ensure compliance with all local, state, and federal laws and regulations as well as company policies, procedures, and internal controls.
  • Support compliance initiatives across departments by providing guidance and training.
  • Generate analyses and reports containing results of compliance testing for management.
  • Develop, maintain, and deliver compliance training content and programs.
  • Perform other duties as required to support the business and evolving organization.

Benefits

  • Medical
  • Dental
  • Vision
  • 401k
  • Flexible spending account
  • Paid sick leave and paid time off
  • Parental leave
  • Quarterly performance bonus
  • Training
  • Career growth and education reimbursement programs