Compliance Analyst

Job Description

The ideal candidate will possess a strong understanding of these frameworks, excellent analytical skills, and the ability to translate complex requirements into actionable processes. ● Regulatory Frameworks: ○ Align and maintain organizational practices in accordance with ISO 27001, SOC (specify type, e.g., SOC 2), GDPR, and other relevant regional, national, and international standards. ○ Conduct regular internal audits to assess and ensure ongoing compliance with multiple regulatory frameworks and internal policies. ● Compliance Documentation and Reporting: ○ Develop, maintain, and update comprehensive compliance records, certifications, and audit reports ○ Generate clear and concise compliance reports for internal leadership, external auditors, and other stakeholders as required. ● Third-Party Risk Management: ○ Assess and continuously monitor the compliance of third-party vendors and service providers with relevant regulatory and organizational standards. ○ Conduct thorough risk evaluations and implement robust vendor due diligence processes to mitigate potential compliance risks. ● PCI DSS and HIPAA Compliance: ○ Ensure the organization's ongoing compliance with Payment Card Industry Data Security Standard (PCI DSS) through regular audits, development and maintenance of relevant policies, and performance of gap analyses. ○ Implement and monitor effective security controls to protect cardholder data. ○ Develop, implement, and maintain HIPAA compliance programs, with a strong focus on the confidentiality, integrity, and availability of Protected Health Information (PHI), and ensure adherence to risk mitigation strategies. ● RFI/RFP Management: ○ Prepare and submit accurate and comprehensive responses to Requests for Information (RFIs) and Requests for Proposal (RFPs), ensuring alignment with PCI DSS, HIPAA, and other applicable organizational policies and standards. ○ Maintain a well-organized repository of up-to-date compliance documentation to facilitate efficient and accurate responses to customer inquiries.