Senior Compliance Analyst

An entertainment company in New York City is actively seeking a driven and analytical professional to join their staff in a remote capacity as a Senior Compliance Analyst. In this role, The Senior Compliance Analyst will ensure adherence to PCI, SOX, and SOC 2 Type II control frameworks and work with stakeholders across the business to collect evidence and validate that all control requirements are met.

Responsibilities:

• Familiarity with major areas of technical compliance, including access management (including UARs), asset management, secure development lifecycle, encryption, segregation of duties, secure configuration management, vulnerability management, secrets rotation, etc.


• Research and recommend security best practices for cloud-based services and infrastructure.


• Assess compliance across AWS, Google Cloud Platform, and Azure environments, including EC2 instances, databases, and storage.


• Evaluate security and compliance for containerized environments (Kubernetes, Docker, etc.).


• Collaborate on strategies to automate compliance monitoring for cloud environments.


• Partner with DevOps and security teams to ensure compliance is integrated into CI/CD pipelines (GitHub, Jenkins, Terraform, Atlantis).


• Help build Compliance as Code and Policy as Code capabilities.


• Identify solutions to automate compliance evidence collection for tools and pipelines.


• Support internal and external audits, ensuring controls are properly implemented and evidenced.


• Develop technical documentation to align with compliance requirements.


• Track compliance requests, deliverables, and key project milestones.

Qualifications/Requirements:

• 5+ years of direct experience (i.e. not just project management) in technical compliance, cyber security, or cloud governance.


• Must have experience collecting and analyzing evidence for controls.


• Hands-on experience with PCI DSS, SOX, and/or SOC 2 Type II compliance frameworks.


• Strong understanding of cloud platforms (AWS, Google Cloud Platform, Azure) and security best practices.


• Experience with Kubernetes, Docker, and container security.


• Familiarity with CI/CD tools (GitHub, Jenkins, Terraform, Atlantis).

Desired Skills:

• Experience with API development and scripting for compliance automation a plus.


• Knowledge of ServiceNow, CMDBs, and risk management platforms (e.g., LogicGate Risk Cloud) is a plus.


• Prior experience at a Big 4 consulting firm (Deloitte, PwC, EY, KPMG) is a huge plus.


• Strong problem-solving and analytical skills


• Attention to detail and ability to effectively communicate status and roadblocks for compliance areas.


• A passion for technology, security, and compliance in a fast-paced environment.


• Effective research, documentation, and organizational skills.


• Excellent communication skills and ability to present to leadership.


• Deadline focused and willing to escalate to leadership if encountering blockers.


• Collaborative mindset with a willingness to explore new solutions.