Compliance Analyst, IT/Tech
Listed on 2026-06-20
IT/Tech
Cybersecurity, Information Security, Data Security, IT Business Analyst
ISA Consulting is an IT company offering end-to-end solutions in Digital Transformation, Digital Consulting and Business Process Services - supporting all Tech Stacks. Collectively we service a multitude of clients across industries and company verticals. We are a culmination of some of the brightest Full Stack Developers, Data Engineers, Architects, Project Managers, Quality Analysts, Strategists, spanning across multiple time zones.
Job Summary
We are looking for a Compliance Analyst to support our Security, Compliance, Privacy, AI Governance, and Service Delivery functions within ISA Technology’s GRC program. This role focuses on maintaining and obtaining compliance with key frameworks and certifications such as ISO 27001, ISO 42001, ISO 27701, SOC2 and HITRUST, while also administering Third-Party Risk Management (TPRM) and vendor onboarding activities and supporting internal and external audits, working under the direction of the Compliance, Privacy, and AI Governance leads.
The ideal candidate will have
- Experience creating and implementing GRC policies, addendums, documentation and site content.
- Experience in participating in audits, ISO 27001, ISO 42001, ISO 27701, SOC2, HITRUST
- Passion for AI ethics, GRC, security, data protection and privacy
- Bachelor’s degree in Information Security, Compliance, or a related discipline.
- 2+ years of experience in risk, compliance, or audit roles (preferably within security or privacy domains).
- Working knowledge of GRC frameworks (ISO, NIST, SOC 2) and risk management practices.
- Familiarity with TPRM processes and vendor due diligence requirements, including hands-on experience with TPRM platforms such as Prevalent.
- Strong attention to detail, organization, and documentation skills.
- Exceptional English speaking skills and technical writing capabilities.
- Ability to work collaboratively with technical and non-technical stakeholders.
- Assess, communicate, balance and elevate risk in the provision of compliance guidance to the business.
- Partner with teams and data stewards to coordinate and perform various audits and assessments (PIA, DPIA, TIA, AI impact assessment, Data Inventories, etc.) as needed; maintain risk registers and risk matrices to support PIMS, AIMS, etc.
- Support and coordinate internal and external audits related to ISO 42001, ISO 27701, HITRUST, and other enterprise certifications.
- Administer and maintain the Third-Party Risk Management (TPRM) program in Prevalent, including issuing and reviewing vendor security, privacy, and responsible-AI assessments, following up on gaps, keeping the system up to date, and ensuring new vendors are evaluated before onboarding.
- Export reports from compliance and risk systems and prepare clear summary recaps for the compliance and governance leads.
- Collaborate with Security, Privacy, and AI Governance teams to manage compliance activities and close audit findings.
- Assist in maintaining and improving compliance frameworks, policies, and procedures, including drafting SOPs, manuals, and supporting documentation for ISO 42001 readiness for review by the compliance leads.
- Monitor control performance, gather evidence, and ensure documentation aligns with audit and regulatory expectations.
- Support initiatives as required under the team's GRC charter.
This job description may evolve over time. ISA Consulting is dedicated to diversity and inclusion, ensuring a fair workplace for all, regardless of race, color, religion, gender, national origin, age, disability, or any other protected status.