Security Analyst - IT Compliance
About the position
Job Responsibilities:
IT/ISO Risk Management
• Maintain and execute risk management processes that align with ISO, NIST, and regulatory standards.
• Enforce and evaluate system access controls to ensure alignment with internal policies.
• Support security planning, assessments, gap analysis, and compliance activities.
• Analyze business processes for security alignment and identify control weaknesses.
• Escalate and report on residual risk, vulnerabilities, and non-compliance trends.
Risk Register Management
• Own the IT/ISO risk register, ensuring risks are captured, assessed, updated, and communicated.
• Partner with IT and ISO process leaders to continually evaluate risk impact and mitigation progress.
Compliance & Audit Support
• Coordinate internal and external audits (ISO, NIST, SOC2, SOX, etc.).
• Prepare evidence, respond to audit requests, and track findings through remediation.
• Monitor compliance with IT/ISO policies, documenting deviations and improvement opportunities.
Remediation Oversight
• Work with application owners, infrastructure teams, and other technical SMEs to design and track remediation plans.
• Ensure remediation timelines are met and resolutions are complete, accurate, and aligned with control intent.
• Provide progress reporting to management and leadership.
Collaboration & Communication
• Partner across IT, security, and business teams to drive visibility and accountability around risk and compliance.
• Lead periodic discussions with stakeholders to promote a consistent risk management culture.
Training & Awareness
• Provide training and support to teams on IT/ISO compliance processes.
• Serve as a point of contact for compliance and audit-related inquiries.
Day to Day Duties
• Perform ITGC testing, evidence review, and control validation for SOX/SOC2 readiness.
• Review and update risk register entries, ensuring accuracy and timely progress updates.
• Investigate compliance issues, perform root cause analysis, and document findings.
• Support access control reviews and ensure entitlement processes align with policy.
• Collaborate with auditors, gather evidence, and document remediation activities.
• Draft or update security policies, standards, and procedures.
• Monitor compliance dashboards, generate weekly/monthly reporting, and communicate status to leadership.
• Participate in cross-functional meetings with process owners and contribute to risk reduction strategies.
• Respond to security incidents or alerts when they intersect with compliance and risk.
Benefits
• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)