Security Compliance Analyst

Security Compliance Analyst

6 month+ Contract
, 100% Remote

The IT Systems Compliance Analyst is responsible for monitoring and advancing compliance programs supporting Infrastructure Services. This role oversees government and commercial regulatory requirements to promote organizational integrity and ensure ongoing compliance. The position focuses on defining, communicating, and managing compliance program requirements and key performance indicators across multiple business areas.

• maturing and sustaining the compliance program across infrastructure platforms.
• Interface with audit, security, and technology stakeholders to provide policies, procedures, and technical evidence required for compliance reviews.
• Collaborate with technology owners to apply policies, procedures, and audit requirements accurately and consistently.
• Interpret policies and procedures to ensure technical accuracy and practical application.
• Manage documentation and evidence repositories to support internal and external audit activities, including automated scans and manual validation.
• Develop, update, and maintain compliance policies and procedures aligned with applicable regulatory and security frameworks.
• Navigate public compliance resources and tooling, including DISA STIG documentation and STIG Viewer applications.
• Participate in discussions with leadership to communicate current compliance posture and program maturity.
• Advise on mitigation and remediation strategies for identified gaps and document corrective actions when required.
• Perform hardware and software evaluations to ensure baseline configuration integrity.
• Provide audit evidence and support self inspection activities against defined policies, procedures, and infrastructure baselines.
• Collect and maintain evidentiary documentation to support recurring compliance audits throughout the year.
• Work with SQL relational databases, including queries and statements, to support compliance analysis.
• Utilize Excel for tracking, reporting, and documentation.
• Perform additional duties as assigned.

• Four or more years of demonstrated experience in the design, implementation, administration, monitoring, and troubleshooting of technology systems.
• Strong understanding of information security principles including risk management, vulnerability management, incident response, and identity and access management.
• Experience working in environments tightly integrated with operating systems.
• Background supporting large scale enterprise system implementations.
• Strong critical thinking skills with the ability to evaluate alternatives and recommend solutions aligned with business objectives.
• Ability to manage work independently and take ownership of responsibilities.
• Demonstrated ability to learn from feedback and continuously improve performance.
• Clear and effective communication skills for technical and non technical audiences.
• Ability to adapt in a fast paced and evolving environment.
• Hands on experience with audit and vulnerability tools such as Nessus, ACAS, and Nexpose.
• Knowledge of audit and assessment processes including configuration management.
• Strong interpersonal skills with the ability to collaborate across diverse teams and roles.

• Experience implementing and supporting security frameworks such as NIST 800‑53, DISA security requirements, CIS, HITRUST, and PCI within large enterprise environments. Must be able to produce audit ready evidence and provide analytical insight beyond basic data collection.
• Familiarity with enterprise audits including SOC 2, FISMA, MAC ARS, and Department of Defense assessments.
• Experience working directly with internal and external auditors.

Three to five years of relevant experience or an equivalent combination of education and transferable experience supporting technology design, implementation, monitoring, and troubleshooting.

Bachelor's degree in an IT related field or equivalent relevant professional experience.

• Experience serving as a primary liaison between infrastructure teams and audit or security organizations.
• Ability to manage requirements across multiple concurrent audits.
• Comfort consulting independently with operational teams and senior leadership.
• Experience defining and managing compliance audit requirements and performance indicators such as security controls derived from NIST 800‑53 and DISA STIGs.
• Security related certifications such as CompTIA Security Plus or CISSP.

We champion equality and inclusivity, proudly supporting an Equal Opportunity Employer policy. We welcome applicants regardless of Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other status protected by law.