IT Audit & Compliance Analyst

Position Summary

The IT Audit & Compliance Analyst is responsible for driving audit execution and regulatory compliance efforts across the organization, with primary accountability for HITRUST, PCI DSS, and SOC 2 frameworks. This role serves as the operational liaison between regulatory standards and internal business/technical teams, ensuring requirements are accurately interpreted, implemented, documented, and successfully validated during external assessments. The ideal candidate has hands-on experience translating complex compliance standards into actionable requirements, coordinating enterprise-wide evidence collection, and confidently presenting documentation to external auditors.

Key Responsibilities

Regulatory Interpretation & Requirement Translation
- Interpret and operationalize requirements from HITRUST CSF, PCI DSS, and SOC 2 standards.
- Analyze regulatory language and translate it into clear, implementable control requirements for IT, Security, Engineering, Infrastructure, HR, and Business Operations teams.
- Identify applicability of specific requirements based on system architecture, data flows, and business processes.
- Document compliance narratives that clearly articulate how organizational processes satisfy regulatory criteria.
- Maintain traceability between regulatory requirements and implemented controls.
Audit Coordination & Evidence Management
- Lead end-to-end audit readiness activities for HITRUST certification, PCI DSS assessments (SAQ or ROC), and SOC 2 Type I/II examinations.
- Develop and manage structured evidence request lists across departments.
- Partner with system owners, application teams, infrastructure teams, and business stakeholders to collect accurate, complete, and audit-ready documentation.
- Validate evidence for completeness, accuracy, and alignment with auditor expectations prior to submission.
- Maintain organized audit repositories and version-controlled documentation.
Cross-Functional Collaboration
- Serve as the primary point of contact between auditors and internal departments.
- Conduct preparatory sessions with stakeholders to ensure clarity on audit expectations.
- Guide teams in producing defensible documentation and system artifacts.
- Resolve gaps or ambiguities in evidence through structured follow-up and remediation tracking.
- Foster accountability for compliance obligations across the enterprise.
Audit Presentation & External Auditor Engagement
- Present policies, procedures, and technical evidence directly to external auditors.
- Provide structured walkthroughs of systems, processes, and compliance narratives.
- Respond to auditor inquiries with clear, technically accurate explanations.
- Defend evidence positions using regulatory language and documented standards.
- Manage follow-up requests and supplemental documentation throughout the audit lifecycle.
Required Qualifications
- Bachelor's degree in Information Systems, Cybersecurity, Computer Science, Accounting, or related field.
- 3+ years of experience in IT audit, compliance, or GRC functions.
- Direct experience supporting or leading:
  - HITRUST CSF certification
  - PCI DSS compliance initiatives
  - SOC 2 Type I and Type II audits
- Demonstrated experience interpreting regulatory frameworks and translating them into internal compliance requirements.
- Experience coordinating multi-departmental evidence collection efforts.
- Experience presenting documentation and responding directly to external auditors.
- Strong documentation, organizational, and stakeholder management skills.
Preferred Qualifications
- Professional certifications such as CISA, CRISC, CISSP, PCI ISA, or HITRUST CCSFP.
- Experience with compliance automation or GRC platforms (e.g., Archer, ServiceNow GRC, Vanta, Drata).
- Familiarity with cloud environments (AWS, Azure, GCP) and cloud security controls.
- Understanding of HIPAA, NIST CSF, ISO 27001, or other regulatory frameworks.