Senior IT Compliance Analyst

Posted 8 days ago

💎 Seniority level: Senior, 6+ years

📍 Location: United States

💸 Salary: 108000.0 - 157000.0 USD per year

🔍 Industry: IT Compliance

🏢 Company: Oura 👥 251-500 💰 $75,000,000 Series D 4 months ago (Wearables, Mobile Apps, Health Care)

🗣️ Languages: English

⏳ Experience: 6+ years

🪄 Skills: AWS, Cloud Computing, GCP, Jira, Azure, Compliance, Risk Management, Confluence

Requirements:
  • Experience: 6+ years of experience in IT compliance, IT risk management, IT operations, or a related GRC role.
  • Governance Writing Skills: Exceptional ability to draft clear, concise policies and procedures that are easily understood and practical for end-users.
  • Knowledge: Deep knowledge of SOC2, HIPAA, HITRUST, NIST 800-171, and emerging regulatory requirements in IT.
  • Technical Skills: Understanding of IT security controls, access management, cloud environments (AWS, Azure, GCP), and IT operations tools (e.g., ServiceNow, SIEM, and IAM solutions).
  • Work Management Tools: Experience optimizing compliance processes using tools like Jira, Confluence, and ServiceNow for tracking and automation.
  • Analytical & Problem-Solving Skills: Proven ability to assess complex compliance requirements, interpret regulatory frameworks, and drive pragmatic solutions.
  • Collaboration & Influence: Strong ability to partner with engineering, security, legal, and IT teams to embed compliance best practices into day-to-day operations.
  • Remote Collaboration and Travel: Ability to travel as needed and effectively collaborate with remote teams.
Responsibilities:
  • Lead Compliance Programs: Take ownership of IT compliance initiatives, driving continuous improvement and maturity across SOC2, HIPAA, HITRUST, and NIST 800-171.
  • Audit & Compliance Management: Lead the planning, execution, and management of compliance audits, coordinating with internal teams and external auditors to ensure successful outcomes.
  • Policy Development & Maintenance: Develop, maintain, and revise IT compliance policies and procedures, ensuring alignment with industry best practices and evolving regulatory requirements.
  • Risk Assessment: In collaboration with Security, conduct regular IT risk assessments, identifying gaps in controls, and recommending mitigation actions to minimize potential risks.
  • Documentation & Reporting: Maintain comprehensive documentation to support compliance activities and generate regular reports to communicate compliance status to stakeholders.
  • Collaboration & Stakeholder Engagement: Work closely with Security, IT Operations, and Legal teams to facilitate compliance-related initiatives and ensure controls are properly implemented.
  • Training & Awareness: Provide ongoing training to internal teams on compliance obligations, policies, and best practices to cultivate a culture of compliance.