Information Security Compliance Analyst

Job Description

We're seeking a full-time, phenomenal Compliance Analyst to ensure Phenom's adherence to regulatory and industry information security and privacy standards. This role involves conducting audits, managing compliance initiatives, assessing risk, and collaborating with teams across the organization to enforce compliance policies and standards. The Security Compliance Analyst will be pivotal in maintaining certifications and ensuring Phenom remains compliant with frameworks such as ISO 27001 or SOC 2.

What You’ll Do

• Develop, implement, and maintain security policies, procedures, and controls to comply with regulatory and industry standards (e.G., SOC 2, ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOC2, and others).
• Manage compliance initiatives, ensuring timely updates and certifications for applicable frameworks.
• Coordinate internal and external audits, including collecting evidence, managing documentation, and responding to auditor inquiries.
• Perform internal compliance assessments to identify gaps and recommend remediation strategies.
• Conduct regular risk assessments to identify processes, systems, and technology vulnerabilities.
• Collaborate with stakeholders to develop and implement mitigation strategies.
• Monitor compliance with security policies and standards, ensuring adherence across departments.
• Work closely with the sales, legal, and technical teams to respond to customer security questionnaires, RFPs, and due diligence requests.
• To streamline responses, maintain a library of frequently requested documentation, such as certifications, policies, and security process descriptions.
• Ensure responses align with the organization's security posture, compliance frameworks, and contractual obligations.
• Create and present reports on compliance status, audit results, and risk management metrics to leadership.
• Develop and deliver compliance training programs to educate employees on regulatory requirements and best practices.
• Promote a culture of compliance and security awareness across the organization.
• Assess the compliance posture of vendors and third-party partners, ensuring contractual obligations align with security and privacy standards.
• Manage vendor risk assessments and ensure ongoing monitoring of third-party relationships.
• Draft, review, and update security and privacy policies in alignment with regulatory requirements.
• Stay updated on regulatory and industry standards changes, recommending adjustments to policies and procedures as needed.

Must Have

Specialized Knowledge