Cybersecurity Compliance Analyst

Salary- $90K/yr - $120K/yr
Remote
Posted 2 weeks ago

Job Description

We are seeking a detail-oriented Cybersecurity Compliance Analyst to join our growing cybersecurity team. The Cybersecurity Compliance Analyst is responsible for ensuring that the organization’s information security practices comply with industry regulations, cybersecurity frameworks, and internal security policies. This role works closely with Security, IT, Risk Management, Legal, and Audit teams to assess compliance requirements, identify security gaps, and implement effective controls that protect organizational data and systems.

The ideal candidate has a strong understanding of cybersecurity governance, risk management, compliance frameworks, and regulatory standards such as NIST Cybersecurity Framework (CSF), NIST 800-53, ISO/IEC 27001, SOC 2, HIPAA, PCI DSS, CIS Controls, and GDPR. This position plays a critical role in supporting security audits, managing risk assessments, maintaining documentation, and driving continuous compliance initiatives across cloud and enterprise environments.

Key Responsibilities

  • Conduct cybersecurity compliance assessments across enterprise and cloud environments.
  • Ensure compliance with security frameworks, including NIST CSF, NIST 800-53, ISO/IEC 27001, SOC 2, PCI DSS, HIPAA, CIS Controls, and GDPR.
  • Perform security risk assessments and identify compliance gaps.
  • Develop, review, and maintain information security policies, standards, procedures, and documentation.
  • Coordinate internal and external cybersecurity audits and regulatory assessments.
  • Track remediation activities and verify the implementation of corrective actions.
  • Collaborate with IT, Security Operations, Cloud, Infrastructure, and Development teams to ensure security controls are effectively implemented.
  • Monitor changes in cybersecurity laws, regulations, and industry best practices.
  • Maintain Governance, Risk, and Compliance (GRC) platforms and compliance dashboards.
  • Prepare compliance reports, audit evidence, and executive-level presentations.
  • Support third-party vendor security assessments and risk evaluations.
  • Assist with security awareness initiatives and compliance training programs.
  • Evaluate technical and administrative security controls for effectiveness.
  • Support business continuity, disaster recovery, and cybersecurity governance initiatives.
  • Recommend process improvements to strengthen the organization’s security posture and regulatory compliance.

Required Qualifications

  • Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field.
  • 2–5+ years of experience in cybersecurity, information security, risk management, governance, or compliance.
  • Strong knowledge of cybersecurity governance and regulatory compliance frameworks.
  • Experience supporting security audits and compliance assessments.
  • Familiarity with cloud security platforms such as AWS, Microsoft Azure, or Google Cloud Platform (GCP).
  • Understanding of Identity and Access Management (IAM), vulnerability management, encryption, endpoint security, and security monitoring.
  • Experience with Governance, Risk, and Compliance (GRC) tools.
  • Excellent analytical, documentation, and communication skills.
  • Ability to manage multiple compliance projects in a fast-paced environment.

Preferred Certifications

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Auditor (CISA)
  • CompTIA Security+
  • ISO/IEC 27001 Lead Implementer or Lead Auditor
  • Certified Cloud Security Professional (CCSP)

Preferred Technical Skills

  • Governance, Risk, and Compliance (GRC)
  • NIST CSF & NIST 800-53
  • ISO/IEC 27001
  • SOC 2
  • HIPAA
  • PCI DSS
  • CIS Controls
  • GDPR
  • Cloud Security (AWS, Azure, GCP)
  • Identity and Access Management (IAM)
  • Risk Assessment
  • Vulnerability Management
  • Microsoft Defender
  • Microsoft Sentinel
  • Splunk
  • ServiceNow GRC
  • Archer GRC
  • Audit Documentation
  • Security Policies & Standards

Job Features

Job CategoryCyber Security

Apply For This Job

A valid phone number is required.