Job Description
Decisions is a fast-growing, private-equity-backed technology company that provides an integrated workflow and rules platform for business process automation (BPA). Trusted by top Fortune 500 firms and SMBs worldwide, Decisions empowers diverse industries around the globe to streamline and improve their processes, enhancing efficiency and yielding results, regardless of technical expertise. This no-code automation platform seamlessly integrates AI tools, rules engines, and workflow management, enabling the transformation of customer experiences, modernization of legacy systems, and the achievement of automation goals three times faster than traditional software development.
As a Compliance/Security Analyst, your daily work ensures organizational operations meet industry compliance standards to increase customer confidence in Decisions' platform, people, and processes. This role is directly responsible for collaborating with leadership, training employees on industry standards, developing policies, evaluating compliance, and communicating the security posture of Decisions with customers and Decisions leadership.
You will strive to elevate the security of customer data as well as internal systems and tools by fighting the status quo of "security theater" to extend our culture of safety and security as a lifestyle in all facets of our business.
This position is on-site at our HQ in Virginia Beach, VA.
Key Objectives
Objective #1: Bolster Public Brand Trust
Support Customer Growth
Eliminate internal and external threats to our business
Manage vulnerability scanning, reporting, and mitigation activities
Identify and understand current organizational policies and practices
Communicate with prospects, customers, and team members to continually increase confidence
Contribute to the timely completion of accurate customer security questionnaires
Observe and act as needed to advance our mission and who we are as an organization
Objective #2: Drive Business Alignment
Steward a shared company culture of data security awareness
Serve as Incident Response Coordinator during threat events
Administer quarterly phish tests and implement remediation strategies
Partner with IT to maintain the principle of least privilege for accounts
Contribute to the org-wide Risk Register to proactively monitor, manage, and resolve business threats
Advise on developing and implementing new compliance policies and procedures as required
Collaborate with security champions within each department
Complete timely and accurate Cloud Cost reporting and SLA reporting requests
Objective #3: Maintain Regulatory Adherence
Support real-time, collaborative audit readiness
Complete internal and external security and privacy audits (e.g., SOC 2, HITRUST, PCI DSS, ISO 27001, etc.)
Communicate with auditors and follow up on action items in a timely manner
Contribute to internal audits to assess operational and procedural compliance
Research industry regulations and policies
Specialized Experience or Skills
Required
Technical adeptness and proficiency (if you've never used a computer, this is not the role for you)
Experience prioritizing and completing multiple tasks on tight timelines
Strong problem-solving skills as well as excellent process discipline, milestone management, and time management skills
Ability to take in information and summarize the most important content
Ability to listen attentively to others and communicate effectively both verbally and in writing
Experience working on teams that require high levels of cooperation, flexibility, cross-group collaboration, and real-time response
Ability to independently seek and find answers to complete tasks under narrow deadlines
Attention to detail without losing sight of the big picture
Preferred
IT (Helpdesk, Technical Support, SysAdmin) and/or Customer Service Experience
CompTIA A+, Network+, and/or Security+
Exposure to performing key Information Security operational activities
Experience with EDR/XDR, IDS/IPS systems
Experience contributing to internal and external audits (e.g., SOC 2, ISO 27000, PCI DSS, HITRUST, FedRAMP, etc.)
Experience using Public Clouds (bonus points for Azure or AWS certifications)
Linux experience
Other industry certifications: CAP, CCSK, CISA, CCSP, CRISC, Linux+
Full-time