Security Analyst - IT Compliance

About the position Job Responsibilities: IT/ISO Risk Management • Maintain and execute risk management processes that align with ISO, NIST, and regulatory standards. • Enforce and evaluate system access controls to ensure alignment with internal policies. • Support security planning, assessments, gap analysis, and compliance activities. • Analyze business processes for security alignment and identify control weaknesses. • Escalate and report on residual risk, vulnerabilities, and non compliance trends. Risk Register Management • Own the IT/ISO risk register, ensuring risks are captured, assessed, updated, and communicated. • Partner with IT and ISO process leaders to continually evaluate risk impact and mitigation progress. Compliance & Audit Support • Coordinate internal and external audits (ISO, NIST, SOC2, SOX, etc.). • Prepare evidence, respond to audit requests, and track findings through remediation. • Monitor compliance with IT/ISO policies, documenting deviations and improvement opportunities. Remediation Oversight • Work with application owners, infrastructure teams, and other technical SMEs to design and track remediation plans. • Ensure remediation timelines are met and resolutions are complete, accurate, and aligned with control intent. • Provide progress reporting to management and leadership. Collaboration & Communication • Partner across IT, security, and business teams to drive visibility and accountability around risk and compliance. • Lead periodic discussions with stakeholders to promote a consistent risk management culture. Training & Awareness • Provide training and support to teams on IT/ISO compliance processes. • Serve as a point of contact for compliance and audit related inquiries. Day to Day Duties • Perform ITGC testing, evidence review, and control validation for SOX/SOC2 readiness. • Review and update risk register entries, ensuring accuracy and timely progress updates. • Investigate compliance issues, perform root cause analysis, and document findings. • Support access control reviews and ensure entitlement processes align with policy. • Collaborate with auditors, gather evidence, and document remediation activities. • Draft or update security policies, standards, and procedures. • Monitor compliance dashboards, generate weekly/monthly reporting, and communicate status to leadership. • Participate in cross functional meetings with process owners and contribute to risk reduction strategies. • Respond to security incidents or alerts when they intersect with compliance and risk. Responsibilities • Maintain and execute risk management processes that align with ISO, NIST, and regulatory standards. • Enforce and evaluate system access controls to ensure alignment with internal policies. • Support security planning, assessments, gap analysis, and compliance activities. • Analyze business processes for security alignment and identify control weaknesses. • Escalate and report on residual risk, vulnerabilities, and non compliance trends. • Own the IT/ISO risk register, ensuring risks are captured, assessed, updated, and communicated. • Partner with IT and ISO process leaders to continually evaluate risk impact and mitigation progress. • Coordinate internal and external audits (ISO, NIST, SOC2, SOX, etc.). • Prepare evidence, respond to audit requests, and track findings through remediation. • Monitor compliance with IT/ISO policies, documenting deviations and improvement opportunities. • Work with application owners, infrastructure teams, and other technical SMEs to design and track remediation plans. • Ensure remediation timelines are met and resolutions are complete, accurate, and aligned with control intent. • Provide progress reporting to management and leadership. • Partner across IT, security, and business teams to drive visibility and accountability around risk and compliance. • Lead periodic discussions with stakeholders to promote a consistent risk management culture. • Provide training and support to teams on IT/ISO compliance processes. • Serve as a point of contact for compliance and audit related inquiries. • Perform ITGC testing, evidence review, and control validation for SOX/SOC2 readiness. • Review and update risk register entries, ensuring accuracy and timely progress updates. • Investigate compliance issues, perform root cause analysis, and document findings. • Support access control reviews and ensure entitlement processes align with policy. • Collaborate with auditors, gather evidence, and document remediation activities. • Draft or update security policies, standards, and procedures. • Monitor compliance dashboards, generate weekly/monthly reporting, and communicate status to leadership. • Participate in cross functional meetings with process owners and contribute to risk reduction strategies. • Respond to security incidents or alerts when they intersect with compliance and risk. Benefits • Medical, dental & vision • Critical Illness, Accident, and Hospital • 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available • Life Insurance (Voluntary Life & AD&D for the employee and dependents) • Short and long-term disability • Health Spending Account (HSA) • Transportation benefits • Employee Assistance Program • Time Off/Leave (PTO, Vacation or Sick Leave) Apply tot his job