IT Security & Compliance Analyst

The IT Security & Compliance Analyst is responsible for ensuring that the organization's IT systems, processes, and policies comply with applicable laws, regulations, and industry standards. This role involves assessing and monitoring compliance risks, conducting audits, managing IT policies and procedures, and working closely with internal teams to maintain a secure and compliant IT environment. The IT Security & Compliance Analyst also plays a critical role in supporting audits, ensuring data protection, and driving continuous improvement of IT compliance programs.

Security & Regulatory Compliance

• Ensure organizational compliance with applicable IT regulations, standards, and frameworks (e.g., ISO 27001, SOC 2, NIST, HIPAA, GDPR, 21 CFR Part 11).
• Assist in preparing for internal and external IT audits (e.g., regulatory audits, third-party audits, customer audits).
• Review and respond to IT client audit questionnaires and provide sponsor or regulatory audit support where needed.
• Responsible and accountable for the resolution of CAPAs owned by IT (e.g. create or amend work instruction, policy and/or procedure).
• Maintain accurate documentation of all compliance activities and audit reports.
• Support the development and maintenance of IT policies, procedures, and standards to promote compliance.
• Evaluate the compliance posture of third-party vendors and service providers to ensure they meet necessary security standards.
• Support the IT Team to ensure Training, Documents, and Issues are addressed and/or maintained. 
• Participate in incident response activities related to security and compliance issues, including investigation, remediation and documentation. 
• Make recommendations on creative and innovative ways to improve process and procedures and respond to audit findings.

Monitoring & Training

• Monitor and evaluate IT systems and processes to ensure they align with established compliance standards.
• Ensure security and regulatory non-compliance issues are properly remediated.
• Track and report on compliance-related incidents and remediation activities.
• Confirm System Owners and Technical system experts maintain effective information systems security and regulatory compliance according to policies and procedures, including monitoring completion of regular system operational tasks (e.g. system access reviews and other yearly IT operational tasks).
• Ensure that IT security and compliance policies are communicated and enforced across the organization.
• Monitor training completion status for all IT staff, follow-up and offer assistance if necessary (i.e. how to complete an unplanned deviation).
• Assist in reviewing and provide feedback on training matrices.

Continuous Improvement

• Keep abreast of IT security trends, industry regulations and guidelines to ensure ongoing compliance. 
• Perform regular proactive reviews or audits to identify potential areas of improvement to compliance, security risk and vulnerability, analyze impact and drive improvements. 
• Prepare compliance reports for management, highlighting potential issues and areas for improvement.  

Qualifications

• Certification in CISA, CISSP, CRISC, or ISO 27001 Lead Auditor is an asset
• Demonstrated experience in IT compliance, information security, or a related field, with specific experience in SOC 2 and ISO 27001 compliance.
• Strong understanding of GDPR, HIPAA, Good Clinical Practice (GCP)and working knowledge of 21 CFR Part 11, GAMP 5 and Computer System Validation (CSV) processes.
• Excellent analytical and problem-solving skills
• Previous audit experience and the ability to work with a broad spectrum of people with varying levels of technical acumen
• High level of accuracy and attention to detail
• Strong ethical standards and integrity
• Excellent verbal and written communication skills and the ability to work collaboratively with cross-functional stakeholders