Jetson Specialty Marketing Services, Inc.

Security Compliance Analyst

Jetson Specialty Marketing Services, Inc., Kutztown, Pennsylvania, United States, 19530


Position Summary:

This role will monitor, manage, and close existing compliance issues while analyzing internal systems for compliance with security standards. This position will work with IT support staff to perform vulnerability and risk assessments and develop mitigation strategies to ensure compliance with current procedures and policies across the organization.

Essential Functions:

- Planning and leading organization-wide security audits to ensure compliance with the Sarbanes-Oxley Act (SOX), the Payment Card Industry Data Security Standard (PCI DSS), HIPAA, and various other mandates
- Working with the information technology (IT) department and other relevant departments to coordinate audits, both internally and externally
- Developing, preparing, and reviewing documents related to compliance and assessments
- Designing remediation efforts when security deficiencies are found
- Coordinating annual SOX and Statement on Standards for Attestation Engagements No. 16 (SSAE 16) audits for the IT department
- Identify threats and risk exposures, assess and manage risks, and monitor the implementation of corresponding programs
- Planning and maintaining compliance activities according to existing policies and standards as well as industry regulations
- Pointing out the shortcomings associated with existing platform security and compliance processes and developing ways to address them
- Working with third parties and consultants as needed for independent security audit
- Respond to client audits and act as the subject matter expert for all client questionnaires
- Escalate high and critical risks or risk trends to the appropriate level of leadership
- Provide audit and compliance metrics monthly
- Embed compliance culture and risk awareness across the company
- Provide off-hours support if required
- Performs other duties as may be assigned.

This is an on-site position with no hybrid opportunity at this time.

Knowledge, Skills, and Abilities

Essential:

- Broad technical knowledge of information security and compliance principles and process
- Experience in operating, monitoring, and implementing security policies, standards, and controls
- Experience managing external audit activity and supporting internal audits
- Knowledge of core security controls and systems such as risk analysis quantification and point of escalation
- Ability to implement new policies and programs
- Strong written and verbal communication skills
- Strong analytical and critical thinking skills
- The highest degree of personal integrity.

Education and Training

- Bachelor's degree in computer science, Information Technology, or equivalent experience preferred
- 10 or more years of professional networking experience, including 5 or more years of security management and/or compliance.
- Professional certification, such as CISA, CISM, CRISC, CISSP, or ISAAP

Reports To: VP of IT