As a Remote IT Compliance Analyst, you will be responsible for ensuring that the organization's information technology systems, policies, and practices comply with internal standards and external regulatory requirements. You'll work closely with teams across IT, security, audit, legal, and business units to assess risk, implement controls, and monitor adherence to frameworks such as SOX, HIPAA, GDPR, ISO 27001, NIST, and others relevant to the company's operations.
This role requires strong analytical skills, a detail-oriented mindset, and a working knowledge of IT environments including cloud services, endpoint protection, identity management, and system monitoring. You'll help drive internal audits, support security assessments, maintain documentation, and collaborate with stakeholders to strengthen the organization's compliance posture.
Key Responsibilities:
Evaluate and monitor IT systems, processes, and infrastructure to ensure compliance with applicable regulations and industry standards
Conduct internal audits and control testing related to data security, system access, change management, and cloud operations
Support risk assessments and document gaps between current practices and regulatory or policy requirements
Assist in the implementation and enforcement of IT compliance frameworks such as SOX, HIPAA, PCI-DSS, ISO 27001, or NIST 800-53
Maintain up-to-date records of IT controls, policies, procedures, audit findings, and remediation plans
Collaborate with cross-functional teams to coordinate compliance audits and resolve control deficiencies
Work with security and IT teams to ensure technical configurations align with regulatory standards (e.g., encryption, access logging, identity governance)
Support third-party vendor assessments and due diligence processes
Assist in employee awareness training and communication efforts around IT compliance and acceptable use policies
Stay informed of emerging regulatory requirements and assess their impact on IT policies and practices
Required Qualifications:
Bachelor's degree in Information Systems, Cybersecurity, Audit, or a related field
2 years of experience in IT compliance, audit, risk management, or IT security
Understanding of IT general controls (ITGCs), identity and access management, and data protection principles
Familiarity with compliance frameworks and standards such as SOX, HIPAA, GDPR, ISO 27001, NIST, or COBIT
Experience with audit management tools, risk registers, and GRC platforms (e.g., LogicGate, Archer, OneTrust, ZenGRC)
Ability to assess and document risks, controls, and corrective actions
Strong attention to detail, documentation skills, and a proactive approach to compliance
Excellent communication and stakeholder management skills in a remote work environment.