Compliance Analyst, IT/Tech
Listed on 2026-06-30
IT/Tech
Cybersecurity, Information Security, Data Security
The Compliance Analyst (CA) at ampliFI Loyalty Solutions is responsible for supporting and executing the company’s compliance programs. Reporting to the Compliance Manager, the CA works closely with the Risk & Security team as well as all business units, including Technology, Operations, Product, and others.
Under the guidance of the Compliance Manager, the CA assists with industry and client audits, internal assessments, and compliance requests, including but not limited to SOC, PCI, and Privacy. The role also involves supporting risk identification and management across the company. Additionally, the CA may assist with information security initiatives to protect both ampliFI and customer data. While the Compliance team’s focus is on compliance responsibilities, opportunities may exist to contribute to broader security platforms and initiatives.
Responsibilities
Compliance & Risk Support
- Support and assist with SOC audits including SOC 1 Type II and SOC 2 Type II with all Trust Service Criteria
- Support PCI DSS assessments as a Level 1 Service Provider
- Support privacy readiness efforts aligned with U.S., state, and international regulations (e.g., CCPA, GDPR), including data breach response preparedness
- Assist with Governance, Risk, and Compliance (GRC) program activities, including monitoring control effectiveness and remediation tracking
- Maintain and update policies, standards, and procedures
- Support client third-party management requests and assessments
- Assist with vendor risk management and other compliance-related initiatives as directed
- Support security initiatives as needed across the Risk & Security team
- Assist in monitoring, reporting, and documentation of security systems and controls
- Monitor remediation activities related to penetration testing and application security assessments
- Participate in incident response for privacy and data subject requests
- Prepare compliance and risk reports for management and clients
- Assist in handling audit inquiries and evidence collection
- Support Business Continuity and Disaster Recovery (BCDR) testing
- Perform additional duties as assigned
- Bachelor’s degree in Compliance, Audit, Cybersecurity, Information Security, Information Technology, Computer Science, or a related field, or equivalent professional experience
- Minimum of 2 years of experience in compliance, audit, security, or risk management
- Understanding of privacy regulations (e.g., CCPA, GDPR)
- Competency in supporting audit and compliance processes
- Strong organizational and time-management skills
- Ability to create and maintain policies, procedures, and documentation
- Hands‑on experience with SOC, PCI DSS, or other audit/compliance frameworks
- Exposure to risk and security frameworks such as NIST CSF, NIST RMF, or ISO 27001
- Experience supporting third‑party assessments or client compliance requests
- Familiarity with business continuity or incident response planning and testing
- Experience collaborating across cross‑functional teams in a technical environment
- Detail‑oriented and proactive
- Strong analytical and problem‑solving abilities
- Excellent written and verbal communication skills
- Professional judgment and discretion with sensitive information
- Collaborative mindset and willingness to learn
- Ability to manage multiple priorities in a fast‑paced environment
- Based at ampliFI’s Naperville, IL Corporate office, this hybrid role requires onsite reporting Tuesday‑Thursday weekly.
- National remote opportunities require residency in one of the following states: AZ, CO, FL, GA, IL, IN, MA, MT, NC, NE, NH, NJ, NY, OH, PA, SC, TX, UT, VA, or WI.
This role involves sitting or standing for extended periods, using computers, phones, and other office equipment. Visual acuity and manual dexterity are needed for reading documents and handling materials. Occasional lifting of items up to 20 lbs. and frequent phone communication are required.
Other Duties
Duties, responsibilities, and activities are not all encompassing and may change at any time with or without notice. To…