The IT Security & Compliance Analyst is responsible for ensuring that the
organization's IT systems, processes, and policies comply with applicable laws,
regulations, and industry standards. This role involves assessing and monitoring
compliance risks, conducting audits, managing IT policies and procedures, and
working closely with internal teams to maintain a secure and compliant IT
environment. The IT Security & Compliance Analyst also plays a critical role in
supporting audits, ensuring data protection, and driving continuous improvement
of IT compliance programs.
\n
Security & Regulatory Compliance
- Ensure organizational compliance with applicable IT regulations, standards,
and frameworks (e.g., ISO 27001, SOC 2, NIST, HIPAA, GDPR, 21 CFR Part 11).
- Assist in preparing for internal and external IT audits (e.g., regulatory
audits, third-party audits, customer audits).
- Review and respond to IT client audit questionnaires and provide sponsor or
regulatory audit support where needed.
- Responsible and accountable for the resolution of CAPAs owned by IT (e.g.
create or amend work instruction, policy and/or procedure).
- Maintain accurate documentation of all compliance activities and audit
reports.
- Support the development and maintenance of IT policies, procedures, and
standards to promote compliance.
- Evaluate the compliance posture of third-party vendors and service providers
to ensure they meet necessary security standards.
- Support the IT Team to ensure Training, Documents, and Issues are addressed
and/or maintained.
- Participate in incident response activities related to security and
compliance issues, including investigation, remediation and documentation.
- Make recommendations on creative and innovative ways to improve process and
procedures and respond to audit findings.
Monitoring & Training
- Monitor and evaluate IT systems and processes to ensure they align with
established compliance standards.
- Ensure security and regulatory non-compliance issues are properly remediated.
- Track and report on compliance-related incidents and remediation activities.
- Confirm System Owners and Technical system experts maintain effective
information systems security and regulatory compliance according to policies
and procedures, including monitoring completion of regular system operational
tasks (e.g. system access reviews and other yearly IT operational tasks).
- Ensure that IT security and compliance policies are communicated and enforced
across the organization.
- Monitor training completion status for all IT staff, follow-up and offer
assistance if necessary (i.e. how to complete an unplanned deviation).
- Assist in reviewing and provide feedback on training matrices.
Continuous Improvement
- Keep abreast of IT security trends, industry regulations and guidelines to
ensure ongoing compliance.
- Perform regular proactive reviews or audits to identify potential areas of
improvement to compliance, security risk and vulnerability, analyze impact
and drive improvements.
- Prepare compliance reports for management, highlighting potential issues and
areas for improvement.
Qualifications
- Certification in CISA, CISSP, CRISC, or ISO 27001 Lead Auditor is an asset
- Demonstrated experience in IT compliance, information security, or a related
field, with specific experience in SOC 2 and ISO 27001 compliance.
- Strong understanding of GDPR, HIPAA, Good Clinical Practice (GCP)and working
knowledge of 21 CFR Part 11, GAMP 5 and Computer System Validation (CSV)
processes.
- Excellent analytical and problem-solving skills
- Previous audit experience and the ability to work with a broad spectrum of
people with varying levels of technical acumen
- High level of accuracy and attention to detail
- Strong ethical standards and integrity
- Excellent verbal and written communication skills and the ability to work
collaboratively with cross-functional stakeholders
\n
$67,500 - $112,000 a year
PHISHING SCAM WARNING: Alimentiv is aware of the continued increase of phishing
scams, leveraging various methods of attack via email, text, voice and social
media. Please note that Alimentiv only uses company email addresses, which
contain “@alimentiv.com”, to communicate with candidates via email. If you are
contacted by someone about an open job at Alimentiv, please verify the domain of
the sender’s email address and that they are asking you to apply on this
website. If you believe you’ve been a victim of a phishing scam, please contact
your local government cyber authority to report.
