Position Summary
The Compliance Analyst is responsible for ensuring that the organization adheres to regulatory requirements, industry standards, and internal policies. This role focuses on identifying compliance risks, performing audits and assessments, and supporting initiatives related to regulations and frameworks such as HIPAA, SOC 2, ISO 27001, and other relevant standards. Compliance Analysts collaborate with IT, security, operations, and business teams to maintain a strong compliance posture.
Key Responsibilities
Compliance Monitoring & Assessment
- Conduct audits, assessments, and reviews to evaluate adherence to regulatory and industry standards.
- Monitor compliance with HIPAA, GDPR, SOC 2, ISO 27001, and other applicable regulations and frameworks.
- Identify gaps, risks, and areas for improvement in policies, processes, and controls.
- Maintain up-to-date knowledge of regulatory changes and compliance best practices.
Policy & Procedure Management
- Assist in the development, review, and implementation of compliance policies and procedures.
- Ensure internal processes align with regulatory requirements and industry standards.
- Maintain documentation of compliance activities, audit findings, and remediation efforts.
Risk Management & Remediation
- Support risk assessments and track remediation activities to closure.
- Collaborate with IT, security, and business teams to implement corrective actions.
- Evaluate third-party vendors and partners for compliance risks.
Training & Awareness
- Provide training and guidance to employees on compliance policies, procedures, and regulatory requirements.
- Promote a culture of compliance throughout the organization.
Reporting & Communication
- Prepare reports on compliance status, audit results, and risk assessments for management.
- Communicate findings, recommendations, and corrective actions to relevant stakeholders.
- Support internal and external audits and regulatory inquiries.
Qualifications
Required
- 2–5+ years of experience in compliance, risk management, or audit roles.
- Knowledge of regulations and standards such as HIPAA, GDPR, SOC 2, ISO 27001, or similar frameworks.
- Familiarity with IT, security, and business operations relevant to compliance programs.
- Strong analytical, documentation, and organizational skills.
- Effective written and verbal communication for audit reporting and stakeholder engagement.
Preferred
- Certifications: CISA, CISM, CRISC, CISSP, HCISPP, or equivalent.
- Experience conducting internal audits, risk assessments, or vendor compliance reviews.
- Familiarity with compliance management tools, GRC platforms, and reporting frameworks.
- Knowledge of security controls, risk mitigation, and IT governance.
