Ensure the organization complies with relevant regulatory requirements (e.g., GDPR, HIPAA, CCPA/CPRA) and industry standards (e.g., ISO 27001, SOC 2, NIST CSF, PCI DSS).
Develop, implement, and maintain information security policies, standards, and guidelines.
Conduct regular audits and assessments to identify gaps and ensure adherence to compliance frameworks.
Lead risk assessments to evaluate potential security threats and vulnerabilities.
Collaborate with cross-functional teams to remediate compliance gaps and reduce risks.
Act as the primary liaison for internal and external audits, including regulatory audits, client security assessments, and third-party audits.
Proactively stay up to date with changes in regulatory and compliance requirements, as well as industry trends.
Requirements
Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field; or equivalent work experience.
5+ years of experience in information security, compliance, or related roles.
Experience working with regulatory requirements and industry frameworks (e.g., GDPR, HIPAA, ISO 27001, NIST, SOC 2, PCI DSS).
Strong understanding of risk assessment methodologies, control frameworks, and compliance requirements.
Hands-on experience with compliance management tools and GRC platforms.
Proven ability to support audits and manage remediation plans.
Familiarity with cloud security and third-party risk management.
Comfortable using AI tools for compliance efforts.