The IT Audit Compliance Analyst is responsible for driving audit execution and regulatory compliance efforts across the organization, with primary accountability for HITRUST, PCI DSS, and SOC 2 frameworks. This role serves as the operational liaison between regulatory standards and internal business/technical teams, ensuring requirements are accurately interpreted, implemented, documented, and successfully validated during external assessments.

The ideal candidate has hands‑on experience translating complex compliance standards into actionable requirements, coordinating enterprise‑wide evidence collection, and confidently presenting documentation to external auditors.

Key Responsibilities

Regulatory Interpretation & Requirement Translation

- Interpret and operationalize requirements from HITRUST CSF, PCI DSS, and SOC 2 standards.
- Analyze regulatory language and translate it into clear, implementable control requirements for IT, Security, Engineering, Infrastructure, HR, and Business Operations teams.
- Identify applicability of specific requirements based on system architecture, data flows, and business processes.
- Document compliance narratives that clearly articulate how organizational processes satisfy regulatory criteria.
- Maintain traceability between regulatory requirements and implemented controls.

Audit Coordination & Evidence Management

- Lead end‑to‑end audit readiness activities for HITRUST certification, PCI DSS assessments (SAQ or ROC), and SOC 2 Type I/II examinations.
- Develop and manage structured evidence request lists across departments.
- Partner with system owners, application teams, infrastructure teams, and business stakeholders to collect accurate, complete, and audit‑ready documentation.
- Validate evidence for completeness, accuracy, and alignment with auditor expectations prior to submission.
- Maintain organized audit repositories and version‑controlled documentation.

Cross‑Functional Collaboration

- Serve as the primary point of contact between auditors and internal departments.
- Conduct preparatory sessions with stakeholders to ensure clarity on audit expectations.
- Guide teams in producing defensible documentation and system artifacts.
- Resolve gaps or ambiguities in evidence through structured follow‑up and remediation tracking.
- Foster accountability for compliance obligations across the enterprise.

Audit Presentation & External Auditor Engagement

- Present policies, procedures, and technical evidence directly to external auditors.
- Provide structured walkthroughs of systems, processes, and compliance narratives.
- Respond to auditor inquiries with clear, technically accurate explanations.
- Defend evidence positions using regulatory language and documented standards.
- Manage follow‑up requests and supplemental documentation throughout the audit lifecycle.

Required Qualifications

- Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, Accounting, or related field.
- 3+ years of experience in IT audit, compliance, or GRC functions.
- Direct experience supporting or leading:
  - HITRUST CSF certification
  - PCI DSS compliance initiatives
  - SOC 2 Type I and Type II audits
- Demonstrated experience interpreting regulatory frameworks and translating them into internal compliance requirements.
- Experience coordinating multi‑departmental evidence collection efforts.
- Experience presenting documentation and responding directly to external auditors.
- Strong documentation, organizational, and stakeholder management skills.

Preferred Qualifications

- Professional certifications such as: CISA, CRISC, CISSP, PCI ISA, or HITRUST CCSFP.
- Experience with compliance automation or GRC platforms (e.g., Archer, ServiceNow GRC, Vanta, Drata).
- Familiarity with cloud environments (AWS, Azure, GCP) and cloud security controls.
- Understanding of HIPAA, NIST CSF, ISO 27001, or other regulatory frameworks.