Senior IT Compliance Analyst

About The Position

Requirements

• 4+ years of experience in an IT compliance, IT audit, or risk management role.
• In-depth knowledge and hands-on experience with the following frameworks: NIST 800-53 ISO 27001 Sarbanes-Oxley (SOX) General Data Protection Regulation (GDPR) FedRAMP (Moderate or High)
• Proven experience with risk assessment methodologies and control testing.
• Strong understanding of IT governance and control principles.
• Excellent project management and organizational skills.
• Exceptional written and verbal communication skills.
• A bachelor’s degree in information technology, Cybersecurity, Business Administration, or equivalent professional experience.
• Relevant professional certifications such as CISA, CISSP, CISM, CRISC, or similar are highly desirable.

Nice To Haves

• Strong background in Identity Security and/or Privileged Access Management.
• Familiarity with using and implementing SailPoint products and services.
• Strong background in scripting and automation.
• Proficient with the use and governance of Artificial Intelligence.

Responsibilities

• Compliance Framework Management: Implement, maintain, and continually improve our IT compliance programs, with a focus on NIST 800-53, ISO 27001, SOX, GDPR, and FedRAMP.
• Risk Assessments: Conduct comprehensive risk assessments to identify potential compliance gaps and vulnerabilities. Develop and implement remediation plans to address identified risks.
• Control Testing & Auditing: Design and execute control testing procedures to validate the effectiveness of our IT controls. Liaise with internal and external auditors to facilitate audits and ensure timely resolution of audit findings.
• FedRAMP Compliance: Manage the FedRAMP authorization process, including the development and maintenance of System Security Plans (SSPs) and continuous monitoring activities.
• SOX Compliance: Oversee IT General Controls (ITGCs) for Sarbanes-Oxley (SOX) compliance, including access controls, change management, and IT operations.
• ISO 27001 Certification:Maintain and enhance our Information Security Management System (ISMS) to ensure ongoing compliance with ISO 27001 standards.
• GDPR and Data Privacy: Ensure adherence to GDPR and other global data privacy regulations. Conduct Data Protection Impact Assessments (DPIAs) and support privacy-by-design principles.
• Policy and Procedure Development: Develop and maintain IT policies, standards, and procedures to support compliance requirements.
• Reporting and Documentation: Prepare and present compliance reports to management. Maintain accurate and comprehensive documentation of compliance policies and standards.
• Training and Awareness:Promote a culture of compliance by providing training and awareness programs to employees.

Benefits

• Health and wellness coverage: Medical, dental, and vision insurance
• Disability coverage: Short-term and long-term disability
• Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)
• Additional life coverage options: Supplemental life insurance for employees, spouses, and children
• Flexible spending accounts for health care, and dependent care; limited purpose flexible spending account
• Financial security: 401(k) Savings and Investment Plan with company matching
• Time off benefits: Flexible vacation policy
• Holidays: 8 paid holidays annually
• Sick leave
• Parental support: Paid parental leave
• Employee Assistance Program (EAP) and Care Counselors
• Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options
• Health Savings Account (HSA) with employer contribution