The Information Security Compliance Analyst plays a key role in maintaining the organization's compliance with cybersecurity standards and regulatory frameworks. This position focuses on the development, maintenance, and enforcement of security policies, procedures, and control documentation to align with requirements such as NIST 800-53, FedRAMP, ISO 27001, PCI DSS, and SOC 2.
Key Responsibilities
- Develop, review, and update information security policies and standards to reflect current regulatory and operational needs.
- Manage and maintain System Security Plans (SSPs), ensuring accurate representation of system controls, boundaries, and inherited protections.
- Lead coordination of internal and external audits, including evidence collection, documentation readiness, and response support.
- Track and report on Plans of Action and Milestones (POA&Ms) to support continuous monitoring and risk mitigation efforts.
- Conduct compliance assessments and gap analyses to identify deficiencies and guide remediation planning with cross-functional teams.
- Establish and maintain compliance metrics that reflect program performance and inform leadership decision-making.
- Collaborate with engineering and operations teams to ensure security controls are consistently implemented and audit-ready.
- Build and manage centralized repositories of audit evidence to streamline compliance cycles and improve efficiency.
- Advise system and control owners on compliance expectations, documentation practices, and control implementation.
- Perform additional duties as directed by security leadership.
Qualifications
- A bachelor’s degree in Cybersecurity, Information Systems, or a related field is preferred, or equivalent experience in information security.
- 3–5 years of experience in compliance, GRC, or cybersecurity assurance roles.
- Proven experience with SSPs and compliance documentation for enterprise environments.
- Familiarity with audit processes for FedRAMP, GovRAMP, ISO 27001, PCI DSS, or SOC 2.
- Strong grasp of control-based security frameworks and the ability to translate regulations into practical documentation.
- Excellent written communication, analytical thinking, and organizational skills with a focus on accuracy.
- Ability to manage multiple compliance initiatives simultaneously while meeting deadlines and quality standards.
