IT Security & Compliance Analyst

The IT Security & Compliance Analyst is responsible for ensuring that the organization's IT systems, processes, and policies comply with applicable laws, regulations, and industry standards. This role involves assessing and monitoring compliance risks, conducting audits, managing IT policies and procedures, and working closely with internal teams to maintain a secure and compliant IT environment. The IT Security & Compliance Analyst also plays a critical role in supporting audits, ensuring data protection, and driving continuous improvement of IT compliance programs.Security & Regulatory ComplianceEnsure organizational compliance with applicable IT regulations, standards, and frameworks (e.g., ISO 27001, SOC 2, NIST, HIPAA, GDPR, 21 CFR Part 11).Assist in preparing for internal and external IT audits (e.g., regulatory audits, third-party audits, customer audits).Review and respond to IT client audit questionnaires and provide sponsor or regulatory audit support where needed.Responsible and accountable for the resolution of CAPAs owned by IT (e.g. create or amend work instruction, policy and / or procedure).Maintain accurate documentation of all compliance activities and audit reports.Support the development and maintenance of IT policies, procedures, and standards to promote compliance.Evaluate the compliance posture of third-party vendors and service providers to ensure they meet necessary security standards.Support the IT Team to ensure Training, Documents, and Issues are addressed and / or maintained. Participate in incident response activities related to security and compliance issues, including investigation, remediation and documentation. Make recommendations on creative and innovative ways to improve process and procedures and respond to audit findings.Monitoring & TrainingMonitor and evaluate IT systems and processes to ensure they align with established compliance standards.Ensure security and regulatory non-compliance issues are properly

and report on compliance-related incidents and remediation activities.Confirm System Owners and Technical system experts maintain effective information systems security and regulatory compliance according to policies and procedures, including monitoring completion of regular system operational tasks (e.g. system access reviews and other yearly IT operational tasks).Ensure that IT security and compliance policies are communicated and enforced across the

training completion status for all IT staff, follow-up and offer assistance if necessary (i.e. how to complete an unplanned deviation).Assist in reviewing and provide feedback on training

ImprovementKeep abreast of IT security trends, industry regulations and guidelines to ensure ongoing compliance. Perform regular proactive reviews or audits to identify potential areas of improvement to compliance, security risk and vulnerability, analyze impact and drive improvements. Prepare compliance reports for management, highlighting potential issues and areas for improvement. QualificationsCertification in CISA, CISSP, CRISC, or ISO 27001 Lead Auditor is an assetDemonstrated experience in IT compliance, information security, or a related field, with specific experience in SOC 2 and ISO 27001 compliance.Strong understanding of GDPR, HIPAA, Good Clinical Practice (GCP)and working knowledge of 21 CFR Part 11, GAMP 5 and Computer System Validation (CSV) processes. Excellent analytical and problem-solving skillsPrevious audit experience and the ability to work with a broad spectrum of people with varying levels of technical acumenHigh level of accuracy and attention to detailStrong ethical standards and integrityExcellent verbal and written communication skills and the ability to work collaboratively with cross-functional stakeholders$67,500 - $112,000 a year+ BonusPHISHING SCAM WARNING : Alimentiv is aware of the continued increase of phishing scams, leveraging various methods of attack via email, text, voice and social media. Please note that Alimentiv only uses company email addresses, which contain "@alimentiv.com", to communicate with candidates via email. If you are contacted by someone about an open job at Alimentiv, please verify the domain of the sender's email address and that they are asking you to apply on this website. If you believe you've been a victim of a phishing scam, please contact your local government cyber authority to report.