Principal Analyst, Technology Compliance

About The Position

Requirements

• Degree in Technology, Computer Science, or Business, with solid IT audit or compliance management experience or equivalent work experience
• 7+ years of experience with enterprise compliance, audit, and/or risk management programs, privacy, data security, and control issues across cloud and on-premises environments.
• Strong understanding of key compliance regulations (Sarbanes-Oxley, GLBA, HIPAA, PCI).
• Ability to stay abreast of industry trends, emerging threats, and changing external regulations, and adapt core compliance processes accordingly.
• Experience in designing and implementing enterprise Compliance Governance frameworks, including identification, assessment, and mitigation of compliance exposure.
• Detailed knowledge and experience with IT General Controls and operational testing procedures for SOX, PCI, and privacy.
• Ability to assess alternative compliance approaches and methodologies, both quantitatively and qualitatively, to meet business needs.
• Effective communication skills to convey risks, gather test evidence, and translate compliance findings into actionable steps.
• Ability to assess, identify, and document third-party system compliance deficiencies and recommend solutions.
• Excellent facilitation skills for group discussions, diplomacy, and seeking diverse opinions.
• Strong organizational and time management skills.
• In-depth knowledge of information security, compliance management frameworks, and standards (NIST, OWASP, SANS, ISO-27001/2, COBIT, ITIL).
• Commitment to top-quality service and exceeding customer expectations.
• Demonstrated leadership and ability to gain consensus across teams without direct reporting responsibility.
• Possession of CISA certification (required)

Nice To Haves

• CRISC, CIA, CISM, CISSP, PCI certifications (desired).

Responsibilities

• Design, implement, and maintain enterprise-wide General IT Controls (GITCs) and compliance frameworks aligned with regulatory requirements (PCI DSS, SOX, HIPAA, Data Privacy, etc.).
• Develop and enforce processes and procedures to ensure adherence to company policies, laws, and industry standards (e.g., NIST, ITIL).
• Influence compliance strategy and direction within established standards and guidance.
• Plan and execute compliance testing, control assessments, and documentation for technology environments.
• Validate key controls, identify risks, analyze root causes, and recommend improvements to meet compliance standards.
• Communicate remediation and prevention strategies using leading practices and drive completion of corrective actions.
• Facilitate internal and external audits across technology teams.
• Collaborate with GRC teams to strengthen assessment processes.
• Serve as a trusted advisor and subject matter expert for technology controls.
• Maintain strong knowledge of industry trends, regulations, and emerging standards.
• Assess, design, and implement technical improvements to control testing processes leveraging automation, AI, etc.
• Develop and deliver compliance training and awareness programs across all domains.
• Mentor team members and support professional development to foster organizational maturity.