Compliance Analyst II

Job Summary: Member of the Governance/Risk/Compliance Section. Assist the Compliance Team Lead in achieving conformance with government regulations as well as the timely completion of tasks in accordance with dynamic business requirements with competing priorities in a growing department. Compliance analysts ensure that an organization's operations and procedures meet government and industry compliance standards.

The Compliance Analyst II will assist the Compliance Team Lead in processing documentation, facilitation, remediation planning, risk management, and systems implementation coordination to meet the audit, control, and compliance requirements.

Key Responsibilities:

• Maintains legal and regulatory compliance by researching and communicating requirements and obtaining approvals
• Research regulations by reviewing regulatory bulletins and other sources of information
• Keeps other departments abreast of requirements by researching regulatory and filing information and by writing and communicating guidelines
• Obtains approvals by revising forms
• Prepares reports by collecting, analyzing, and summarizing information
• Maintains rapport with regulatory personnel by arranging continuing contacts and resolving concerns
• Maintains quality service by establishing and enforcing organization standards
• Maintains professional and technical knowledge by attending educational workshops, reviewing professional publications, establishing personal networks, benchmarking state-of-the-art practices, and participating in professional societies
• Contributes to team effort by accomplishing related results as needed
• Assuring the business is aligned with contractual requirements, framework requirements, new customer requirements around compliance are being adequately managed
• Lead the assessment of compliance with security regulations such as NIST Information Security Framework, HiTRUST, FedRAMP, NIST CSF, ISO27001, StateRAMP
• Manages security compliance activities for customer, PCI, and internal audit reviews
• Examine and evaluate internal controls based on various security and privacy standards (PCI, SOC2, NIST)
• Perform audit testing of controls
• Monitor compliance with information security policies and practices and any applicable laws
• Manage internal and external security assessments and risk analysis
• Participation in the security community such as ISACA, ISC2, SANS Institute is desired.
• Conducts intelligence analysis of external threats targeting the industry leverages internal data stores to gauge the potential impact on business operations

Qualifications / Certifications:

• CISSP, CISA, CISM, HITRUST, CRISC, GIAC, IAT, CCSP, PMP, QSA or equivalent is preferred.
• Bachelor’s Degree with 4 years of experience (a Master’s degree can substitute for 2 years’ experience)
• Experience examining and evaluating internal controls based on PCI, SOC, & NIST security and privacy standards, and perform audit testing of controls
• Ability to work independently
• Knowledge of cybersecurity
• Versed in information security frameworks and activities. e.g. FedRAMP, FISMA, CSF, NIST Information Security Framework, ISO27001, CIS, SOC1, SOC2, SOC3, etc.
• Work closely with development leaders and compliance leaders across the company as well as external auditors, overseeing audit activities and monitoring remediation of audit findings

Special Requirements:

• May also be assigned various projects and tasks as needed

Equal Opportunity Employer. M/F/D/V