Job Description
Greetings from SDG! SDG is a global cybersecurity, identity governance, risk consulting, and advisory company that partners with clients to address their complex security, compliance, and technology needs. We help some of the largest brands in the world realize their business vision through strategic advice, expert systems integration, relevant technology recommendations, and smart managed services. Our value proposition includes thought leadership, a passion for customer success, and a commitment to risk management. We are looking for a dynamic individual to join our SDG family!

Job Summary:

The IT Compliance and Security Analyst will ensure that the organization's IT infrastructure, policies, and processes comply with regulatory and industry security standards. This role involves conducting risk assessments, managing audits, enforcing security policies, and mitigating vulnerabilities to protect organizational assets.

Key Responsibilities:

1. IT Compliance & Risk Management
- Ensure adherence to IT security compliance frameworks such as SOC 2, ISO 27001, NIST, HIPAA, GDPR, and PCI-DSS.
- Conduct risk assessments, gap analyses, and recommend mitigation strategies.
- Assist in developing, implementing, and maintaining IT security policies and procedures.
- Stay updated on evolving compliance regulations and security best practices.

2. Security Monitoring & Incident Response
- Review security alerts, investigate incidents, and support incident response activities.
- Collaborate with IT teams to ensure effective implementation and maintenance of security controls.

3. Audit & Documentation
- Own internal and external security audits, including evidence collection and audit coordination.
- Maintain records related to security controls, compliance reports, and risk assessments.
- Liaise with stakeholders, track audit findings, and ensure timely remediation.
- Conduct compliance tasks diligently, preventing delays or breaches.

4. Security Awareness & Training
- Conduct compliance awareness training for employees.
- Educate teams on compliance best practices.

5. Vendor & Third-Party Compliance
- Assess third-party vendors for compliance risks.
- Ensure vendor contracts align with IT security policies.
- Technical understanding of IT infrastructure-related compliances.

Requirements

Required Qualifications & Skills:
- Bachelor's degree in Information Security, IT, Computer Science, or related field.
- 5+ years of experience in IT compliance, risk management, or audit.
- Knowledge of security frameworks and regulatory compliance.
- Strong analytical, problem-solving, and communication skills.
- Certifications such as CISA, CEH, or Security+ are a plus.

Preferred Skills:
- Familiarity with security tools, cloud security compliance, DLP, and IAM.
- Ability to work collaboratively with IT, Legal, and business teams.

Benefits
- Amazing People
- Amazing Customers
- Career growth opportunities
- Lifelong learning support
- Exposure to new technologies
- Flexible work environment
- Work-Life Balance
- Employee-centric culture
- Supportive Leadership Team
- Start-up environment in an established company of over 25 years.