IT Compliance and Security Analyst

Requirements

Job Summary:

The IT Compliance and Security Analyst is responsible for ensuring the organization’s IT infrastructure, policies, and processes comply with regulatory and industry security standards. This role involves conducting risk assessments, managing audits, enforcing security policies, and mitigating potential vulnerabilities to protect organizational assets.

Key Responsibilities:

1. IT Compliance & Risk Management

• Ensure adherence to IT security compliance frameworks such as SOC 2, ISO 27001, NIST, HIPAA, GDPR, and PCI-DSS.
  
• Conduct risk assessments and gap analyses to identify compliance risks and recommend mitigation strategies.
  
• Assist in the development, implementation, and maintenance of IT security policies and procedures.
  
• Stay updated on evolving compliance regulations and security best practices.

2. Security Monitoring & Incident Response

• Review security alerts and investigate potential threats or incidents.
  
• Support incident response activities, including forensic analysis, reporting, and mitigation plans.
  
• Work with IT teams to ensure security controls are implemented and maintained effectively.

3. Audit & Documentation

• Own internal and external security audits from IT perspective, including evidence collection and audit coordination and track to closure.
  
• Maintain records and documentation related to security controls, compliance reports, and risk assessments.
  
• Liaise with stakeholders and follow up diligently until issues are fully resolved or mitigated.
  
• Take a 360-degree approach to identifying and prioritising required evidence, ensuring it is provided correctly the first time (FTR – First Time Right).
  
• Ensure all compliance tasks are completed on time and tracked properly, preventing any delays or breaches that could lead to non-compliance.
  
• Track audit findings and ensure timely remediation of identified gaps.
  
• Conduct rigorous follow-ups on all ongoing tasks, ensuring nothing is overlooked and providing timely updates to the respective stakeholders.

4. Security Awareness & Training

• Conduct compliance awareness training programs for employees.
  
• Educate teams on compliance best practices, requirements.

5. Vendor & Third-Party Compliance

• Assess third-party vendors for compliance risks.
  
• Ensure vendor contracts align with IT security policies and regulatory requirements.
  
• Technical understanding of IT infrastructure-related compliances ensures adherence to compliance standards and all processes.

Required Qualifications & Skills:

• Bachelor’s degree in information security, IT, Computer Science, or a related field.
  
• 5+ years of experience in IT compliance, risk management, or audit functions.
  
• Able to discuss past role(s) to demonstrate capabilities for this role.
  
• Knowledge of security frameworks such as ISO 27001, SOC 2, NIST, GDPR, HIPAA, or PCI-DSS.
  
• Experience with IT governance, risk assessment, and regulatory compliance.
  
• Strong analytical, problem-solving, and communication skills.
  
• Certifications such as CISA, CEH, or Security+ are a plus.

Preferred Skills:

• Familiarity with security tools such as SIEM, vulnerability scanners, patch management, and endpoint protection
  
• Experience in cloud security compliance (AWS, Azure, GCP).
  
• Understanding of Data Loss Prevention (DLP) and Identity & Access Management (IAM).
  
• Ability to work collaboratively with IT, Legal, and business teams.