Compliance Analyst - Cyber Security

  • Menlo Park, CA
  • Posted 16 hours ago | Updated 16 hours ago

Overview

Hybrid
$50 - $60
Contract - W2
Contract - Independent
Contract - 6 Month(s)

Skills

Auditing
ISO 9000
GRC
HITRUST
ISO frameworks

Job Details

Skills:

Heavy focus on cybersecurity standards compliance, specifically HITRUST, SOC 2, and ISO frameworks.

Work involves significant use of the GRC tool (Vanta) (about 80% of efforts).

Responsibilities include feeding controls into Vanta, analyzing security controls, and ensuring compliance continuously.

Current team has a compliance tool but is not fully utilizing it yet.

Privacy-related knowledge is not required; primary focus is cybersecurity compliance.

Relevant prior titles include: GRC/Compliance Lead, GRC/Compliance Analyst, GRC/Compliance Manager, GRC Engineer, Compliance Project/Program Manager

GRC Platforms (Vanta, Drata or similar)

Experience in the following frameworks (combination of 3 or more): ISO 27001, SOC 2, PCI DSS, HIPAA, NIST CSF, HITRUST.

Formal JD:

Responsibilities:

  • Plan, execute and lead security audits across the organization for security frameworks and regulations such as ISO 27001, HIPAA, PCI DSS and SOC 2, and assist with other security-relevant audits
  • Identify and report deficiencies in both technical and non-technical organizational security controls and compliance processes. Drive the design and implementation of remediation plans for non-conformities, opportunities for improvement and security exceptions, in collaboration with the Risk Management team.
  • Coordinate security audit activities across the organization, collaborating with cross-functional teams including IT, Engineering, Quality, Operations, People, Finance, Legal and other business units to ensure timely collection and management of audit evidence.
  • Ensure compliance with internal policies, standards, and applicable regulations by maintaining and operating effective compliance programs and activities.
  • Develop, review, and analyze compliance documentation, assessment reports, and audit findings to ensure accuracy, completeness, and actionable insights
  • Conduct periodic internal reviews and system audits to validate ongoing adherence to security policies and procedures across all departments
  • Engage with external consultants for independent security audits and/or testing efforts, as needed
  • Support the implementation and ongoing enhancement of the GRC platform, with a focus on automating control testing, evidence collection, and continuous compliance monitoring across the organization

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.