Senior IT Compliance Analyst

As a Senior IT Compliance Analyst at Yext, your role will involve supporting the security assurance activities with customers, vendors, and internal teams. You will be responsible for responding to product security-related questions, completing security assessments and audit inquiries, and reviewing security and contract language to ensure compliance with Yext's standards. **Role Overview:** - Contribute to the development and maintenance of IT & Security policies, standards, and controls. - Support the annual control attestation process and provide the required evidence. - Measure, track, and report on security metrics and key performance indicators (KPIs). - Ensure ongoing alignment with regulatory and industry compliance requirements (e.g., SOC 2, HIPAA, GDPR, NIS2). - Support responses to cyber insurance questionnaires by leveraging existing security controls, certifications, and policies. **Key Responsibilities:** - Conduct risk assessments across systems, applications, and vendors, documenting and tracking outcomes. - Collaborate with IT, Legal, and Security teams to design and implement mitigation strategies. - Maintain a centralized repository of standardized security questionnaire responses and keep them current with implemented controls. - Manage responses to client questionnaires and third-party audit inquiries with accuracy and professionalism. - Serve as a key point of contact for clients, auditors, and external stakeholders on security-related matters. - Prepare and provide audit-ready evidence for internal and external audits (SOC 2, SOX, ISO 27001, etc.). - Partner with control owners to create and track corrective action plans, ensuring timely remediation. - Identify and implement process improvements to increase efficiency in audit preparation, risk assessments, and responses. - Provide actionable recommendations to management on enhancing security and compliance practices. **Qualifications Required:** - Deep knowledge of regulatory and industry frameworks such as SOC 2, SOX, ISO 27001, NIST CSF, HIPAA, GDPR, NIST AI RMF. - Ability to evaluate risks and support effective remediation strategies. - Skilled in managing and supporting audits, assessments, and assurance activities. - Strong ability to build trust and deliver timely, accurate responses. - Excellent written and verbal skills; able to present technical issues clearly to non-technical audiences and executives. - Works effectively across IT, Security, Legal, and business teams. - Strong organizational skills with the ability to balance multiple priorities. - Identifies opportunities to streamline assurance and compliance processes. - Familiarity with GRC platforms (e.g., OneTrust, SecurityScorecard, Bitsight, Archer) and security tooling. - Capable of guiding stakeholders and influencing decisions. - Bachelor's degree in Information Security, Cybersecurity, Computer Science, Engineering, or related field; or equivalent experience. - 5+ years of experience in information security, with a strong focus on audit and compliance management. - Demonstrated experience conducting risk and compliance assessments. - Proven success in managing client security questionnaires and third-party audits. - Familiarity with industry and regulatory compliance frameworks (SOC 2, SOX, ISO 27001, NIST CSF, HIPAA, GDPR). - Experience with GRC tools and technologies (e.g., OneTrust, SecurityScorecard, Bitsight, Archer, or similar). - Advanced written and verbal communication skills, with the ability to engage confidently with executives, clients, and auditors. - Professional certifications such as CISA, CRISC, CISM, CISSP, or CDPSE preferred. At Yext, we offer a range of perks and benefits including performance-based compensation, comprehensive leave package, health and wellness offerings, relocation benefits, and a world-class office with top-notch amenities. Yext is an equal opportunity employer committed to building a results-driven, engaging culture that values diversity and inclusivity.,