Posted: 3 hours ago
Work from Office
Full Time
Job Summary:
The IT Compliance and Security Analyst is responsible for ensuring the organization’s IT infrastructure, policies, and processes comply with regulatory and industry security standards. This role involves conducting risk assessments, managing audits, enforcing security policies, and mitigating potential vulnerabilities to protect organizational assets.

Key Responsibilities:

1. IT Compliance & Risk Management
Ensure adherence to IT security compliance frameworks such as SOC 2, ISO 27001, NIST, HIPAA, GDPR, and PCI-DSS.
Conduct risk assessments and gap analyses to identify compliance risks and recommend mitigation strategies.
Assist in the development, implementation, and maintenance of IT security policies and procedures.
Stay updated on evolving compliance regulations and security best practices.

2. Security Monitoring & Incident Response
Review security alerts and investigate potential threats or incidents.
Support incident response activities, including forensic analysis, reporting, and mitigation plans.
Work with IT teams to ensure security controls are implemented and maintained effectively.

3. Audit & Documentation
Own internal and external security audits from IT perspective, including evidence collection and audit coordination and track to closure.
Maintain records and documentation related to security controls, compliance reports, and risk assessments.
Liaise with stakeholders and follow up diligently until issues are fully resolved or mitigated.
Take a 360-degree approach to identifying and prioritising required evidence, ensuring it is provided correctly the first time (FTR – First Time Right).
Ensure all compliance tasks are completed on time and tracked properly, preventing any delays or breaches that could lead to non-compliance.
Track audit findings and ensure timely remediation of identified gaps.
Conduct rigorous follow-ups on all ongoing tasks, ensuring nothing is overlooked and providing timely updates to the respective stakeholders.

4. Security Awareness & Training
Conduct compliance awareness training programs for employees.
Educate teams on compliance best practices, requirements.

5. Vendor & Third-Party Compliance
Assess third-party vendors for compliance risks.
Ensure vendor contracts align with IT security policies and regulatory requirements.

Technical understanding of IT infrastructure-related compliances ensures adherence to compliance standards and all processes.

Required Qualifications & Skills:
Bachelor’s degree in information security, IT, Computer Science, or a related field.
5+ years of experience in IT compliance, risk management, or audit functions.
Able to discuss past role(s) to demonstrate capabilities for this role.
Knowledge of security frameworks such as ISO 27001, SOC 2, NIST, GDPR, HIPAA, or PCI-DSS.
Experience with IT governance, risk assessment, and regulatory compliance.
Strong analytical, problem-solving, and communication skills.
Certifications such as CISA, CEH, or Security+ are a plus.

Preferred Skills:
Familiarity with security tools such as SIEM, vulnerability scanners, patch management, and endpoint protection.
Experience in cloud security compliance (AWS, Azure, GCP).
Understanding of Data Loss Prevention (DLP) and Identity & Access Management (IAM).
Ability to work collaboratively with IT, Legal, and business teams.

SDG Corporation