IT Compliance Analyst

Job Title: IT Compliance Analyst

Location: Tempe, AZ

Division: Operations

Department: IT Operations

Quantum Computing Inc. (QCi) (Nasdaq: QUBT) is an innovative, integrated photonics company that provides accessible and affordable quantum machines to the world today. QCi products are designed to operate at room temperature and low power at an affordable cost. The Company’s portfolio of core technology and products offer unique capabilities in the areas of high‑performance computing, artificial intelligence, cyber security as well as remote sensing applications.

QCi is seeking an experienced IT compliance analyst to ensure the processes and associated controls for the compliance frameworks are designed, managed, and assessed for effectiveness to reduce overall compliance risk across the organization. This includes performing continuous monitoring and driving audit actions to ensure adherence to the in‑scope compliance frameworks. The IT Compliance Analyst will liaise closely with key stakeholders to ensure full alignment on all IT regulatory compliance issues and be the primary subject matter expert, leading assigned audit program(s).

In addition to this, they will establish a comprehensive understanding of the organization audit and compliance programs (i.e., SOX, PCI, ISO 27001, SOC 2, CMMC, etc.).

• IT Security Risk and Privacy Assessments - Assess, document, and report on existing security / privacy controls, risks & exceptions in support of regulatory compliance frameworks. Coordinate with control owners, system owners, and business owners to address control weaknesses and noncompliance
• Audit Support – Scoping audits, scheduling activities, leading calls, coordinating and fulfilling document request lists, leading walkthroughs, and other audit tasks as appropriate.
• Vendor Risk Assessments – Conduct and manage vendor security assessments by evaluating third‑party controls, reviewing audit reports (e.g., CMMC, SOC 2, ISO/IEC 27001), identifying risks, and ensuring compliance with applicable data protection regulations (e.g., GDPR, HIPAA).
• Security policies and procedures – Establish best practices, standards, and compliance guidelines. Assist in the development and implementation of security policies and procedures
• Customer Security Questionnaires – Respond to customer security questionnaires by gathering and validating control evidence, clearly communicating security practices, and ensuring alignment with frameworks such as CMMC, SOC 2 and ISO/IEC 27001 while meeting client and regulatory requirements.
• Collaborate with Development and IT teams – Assist in the evaluation, testing, and assurance criteria for security architectures and designs, Assist in the analysis of new and existing security technologies, policies, and processes
• Align Security Controls with Compliance Requirements – map internal policies and technical safeguards to frameworks such as SOX, CMMC, SOC 2 and ISO/IEC 27001, identifying gaps, and driving remediation efforts to ensure ongoing regulatory and audit readiness.

• 3+ years of experience as an IT / Security Compliance Analyst
• In‑depth knowledge and hands on experience with GRC tools
• Experience working with multiple security frameworks such as SOX, CMMC, NIST, SOC, & ISO 27001.
• Proficiency designing, implementing and monitoring secure controls
• Extensive audit and continuous monitoring experience
• Advanced knowledge of network, system, and application security controls
• Strong verbal and written communication skills

• 5+ years of experience as an IT security compliance analsyt
• In depth knowledge of NIST 800-171 security controls and associated processes, architectures and tooling support.
• In depth experience with configuring and automating GRC tooling
• Proven experience with leading IT security audits

Incumbent(s) in this position may be required to perform other duties and special assignments not specifically stated above. Statements outlined in this section are designated as essential job functions in accordance with the Americans with Disabilities Act of 1990.