The Compliance Analyst (Mid level) will help maintain compliance to meet or exceed requirements for in-scope security, legal, and regulatory frameworks. 

This role will be part of the compliance efforts for the enterprise as well as continuing the advancement of the compliance program. This is a multi-dimensional role, requiring compliance and business integration experience with proven capability in both technical skills and cultural awareness to build partnerships and provide best-in-class compliance management and support.

Include, but are not limited to, the following:

• Be part of the compliance initiatives like internal and external compliance audits, scheduling meetings, gathering evidence, managing timelines and advising stakeholders.
• Perform professional day-to-day execution of compliance activities, internal/external audit engagements and projects that focus on customer service and support. 
• Build partnerships and collaborate with colleagues across all levels by providing compliance and audit support, evidence collection and validation, control enhancement, and process improvement recommendations.  
• Assist in the creation of compliance procedures, guidelines, control narratives and work instructions.
• Conduct gap analyses, review audit results, and participate in the identification of root causes to support and monitor remediation plans, recommend preventive actions, and report metrics.
• Monitor control processes developed to ensure adherence to compliance guidelines, internal policies, and regulatory requirements, (eg. SOX).
• Act as a subject matter expert (SME) for compliance related procedures, requirements, and audit activities.
• Work with leadership to prioritize compliance initiatives to align with business objectives.
• Assist with the continued advancement of the compliance program through the review of IT process narratives, compliance awareness efforts, process improvement strategies and risk and control mapping. 
• Support business enablement objectives in alignment with compliance best practices and regulatory requirements. 
• Must be able to take initiative, be dependable, and work with little supervision while being resilient to change.
• Uphold company mission and values through accountability, innovation, integrity, quality, and teamwork. 
• Support and comply with the company’s Quality Management System policies and procedures. 
• Ability to act with an inclusion mindset and model these behaviors for the organization. 
• Perform other compliance related tasks as needed.

• Bachelor’s degree in information technology, business, or related field; or high school degree/general education diploma (GED).
• Associate level requires 1-2 years of experience.
• Mid-level requires 3-5 years of experience.
• Senior level requires 6+ years of experience.
• Excellent interpersonal and communication skills.
• Demonstrated ability to operate in a cross cultural and complex matrix environment with the ability to build consensus across functions.
• Prior experience working in an audit-related role with an emphasis on compliance, operations and/or security controls. 
• Prior experience and knowledge of regulatory requirements and control frameworks.

Nice to have:

• Experience with compliance guidelines like HIPAA, FDA, HITRUST, PCI-DSS, etc.
• Experience with control frameworks ISO 27001, NIST 800-53.