The IT Compliance Analyst is responsible for the daily operation, maintenance and execution of Information Technology (IT) compliance processes and procedures with general support and supervision from the Director, IT Security and Mission Assurance. In adherence to requirements established by law, regulation, or contractual language, the IT Compliance Analyst is responsible for tracking, handling and general resolution of compliance events with IT. The role communicates audit requests for evidence to process owners, gathers audit response documentation, analyzes documentation for compliance, and provides documentation to auditors. Maintains compliance and security processes and suggests improvements to mitigate risk through status reports and escalation of events to management. Responsible for communicating criticality of compliance requirements with IT staff, describing success criteria within the compliance space, monitoring compliance activities, handling of exceptions and responding to compliance vulnerabilities.
(Typical duties include the following, although specific duties vary by assignment or contract.)
* Provide analysis and coordination for all IT compliance activities such as Sarbanes-Oxley Act (SOX), Defense Federal Acquisition Regulations (DFARS), General Data Protection Regulation (GDPR), etc.
* Conduct and oversee periodic internal assessments or audits of IT systems, applications, platforms, and operating processes to ensure compliance is maintained.
* Provide evidence of adherence to compliance standards objectives.
* Complete quarterly compliance assessments and reporting.
* Analyze data gathered to evaluate effectiveness of controls and determine accuracy of reports and efficiency and security of operations.
* Manage and remediate oversight of all identified control vulnerabilities.
* Inventory all applicable regulatory requirements and incorporate into a single, unified framework.
* Interpret new compliance requirements (such as DFARS, SOX, GDPR, HIPAA, etc.) to address current and future compliance and security needs; perform requirements capture; perform solution review and comparison.
* Support compliance and security requirements through the utilization of existing compliance and security tools and generation of ad-hoc one-time and multiple-use solutions.
* Manage workload through tracking of assigned task sets with multi-step and committed completion time planning.
* Provide weekly compliance status reports documenting workload, key metrics, and assigned tasks with status.
* Perform additional duties as requested.
Knowledge & Skills
* Ability to multi-task effectively and manage multiple priorities.
* Proficient in Microsoft Office applications.
* Excellent communication, interpersonal, and project management skills.
* Ability to utilize compliance and security tools to create new tools and processes to better or more efficiently address requirements.
* Working knowledge of IT compliance standards and regulations, such as DFARS, SOX, GDPR, HIPAA.
* General knowledge of IT systems, administration logs, security protocols, servers and applications.
* Ability to leverage risk awareness and avoidance as a means to identify, prioritize and execute security and compliance processes and requirements.
Experience & Education
* Associate degree required, Bachelor's degree in IT, Business, Audit, or related field preferred; 2 years of relevant IT, Compliance, or Audit experience may substitute for each year of the degree requirement.
* 2 years relevant work experience in Information Technology, Compliance, or Audit.
Physical Requirements/Working Environment
* Works in normal office environment.