Overview
Hybrid
Depends on Experience
Contract - W2
Contract - Independent
Contract - 6 Month(s)
Skills
Compliance Analyst
GRC
HITRUST
End-to-end audit
Gap analysis
Job Details
Compliance Analyst
Location: Menlo Park, CA (2-3 days onsite, then the rest remote)
Duration: 5+ Months Contract (Could extend)
Looking for candidates with the following experience and skills:
- A strong understanding of compliance
- End-to-end audit experience
- Gap analysis/assessment expertise
- Project management capabilities, including stakeholder management
- Heavy focus on cybersecurity standards compliance, specifically HITRUST, SOC 2, and ISO frameworks.
- Work involves significant use of the GRC tool (Vanta) (about 80% of efforts).
- Responsibilities include feeding controls into Vanta, analyzing security controls, and ensuring compliance continuously.
- Current team has a compliance tool but is not fully utilizing it yet.
- Privacy-related knowledge is not required; primary focus is cybersecurity compliance.
- Experience/titles can be: GRC/Compliance Lead, GRC/Compliance Analyst, GRC/Compliance Manager, GRC Engineer, Compliance Project/Program Manager
- GRC Platforms (Vanta, Drata or similar)
- Experience in the following frameworks (combination of 3 or more): ISO 27001, SOC 2, PCI DSS, HIPAA, NIST CSF, HITRUST.
Responsibilities:
- Plan, execute and lead security audits across an organization for security frameworks and regulations such as ISO 27001, HIPAA, PCI DSS, SOC 2, and assist with other security-relevant audits
- Identify and report deficiencies in both technical and non-technical organizational security controls and compliance processes. Drive the design and implementation of remediation plans for non-conformities, opportunities for improvements, security exceptions in collaboration with the Risk Management team.
- Coordinate security audit activities across the organization, collaborating with cross-functional teams including IT, Engineering, Quality, Operations, People, Finance, Legal and other business units to ensure timely collection and management of audit evidence.
- Ensure compliance with internal policies, standards, and applicable regulations by maintaining and operating effective compliance programs and activities.
- Develop, review, and analyze compliance documentation, assessment reports, and audit findings to ensure accuracy, completeness, and actionable insights
- Conduct periodic internal reviews and system audits to validate ongoing adherence to security policies and procedures across all departments
- Engage with external consultants for independent security audits and/or testing efforts, as needed
- Support the implementation and ongoing enhancement of Client's GRC platform, with a focus on automating control testing, evidence collection, and continuous compliance monitoring across the organization
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.