The IT Audit & Compliance Analyst is responsible for driving audit execution and regulatory compliance efforts across the organization, with primary accountability for HITRUST, PCI DSS, and SOC 2 frameworks. This role serves as the operational liaison between regulatory standards and internal business/technical teams, ensuring requirements are accurately interpreted, implemented, documented, and successfully validated during external assessments.
The ideal candidate has hands‑on experience translating complex compliance standards into actionable requirements, coordinating enterprise‑wide evidence collection, and confidently presenting documentation to external auditors.
Key Responsibilities Regulatory Interpretation & Requirement Translation
* Interpret and operationalize requirements from HITRUST CSF, PCI DSS, and SOC 2 standards.
* Analyze regulatory language and translate it into clear, implementable control requirements for IT, Security, Engineering, Infrastructure, HR, and Business Operations teams.
* Identify applicability of specific requirements based on system architecture, data flows, and business processes.
* Document compliance narratives that clearly articulate how organizational processes satisfy regulatory criteria.
* Maintain traceability between regulatory requirements and implemented controls.
Audit Coordination & Evidence Management
* Lead end‑to‑end audit readiness activities for HITRUST certification, PCI DSS assessments (SAQ or ROC), and SOC 2 Type I/II examinations.
* Develop and manage structured evidence request lists across departments.
* Partner with system owners, application teams, infrastructure teams, and business stakeholders to collect accurate, complete, and audit‑ready documentation.
* Validate evidence for completeness, accuracy, and alignment with auditor expectations prior to submission.
* Maintain organized audit repositories and version‑controlled documentation.
Cross‑Functional Collaboration
* Serve as the primary point of contact between auditors and internal departments.
* Conduct preparatory sessions with stakeholders to ensure clarity on audit expectations.
* Guide teams in producing defensible documentation and system artifacts.
* Resolve gaps or ambiguities in evidence through structured follow‑up and remediation tracking.
* Foster accountability for compliance obligations across the enterprise.
Audit Presentation & External Auditor Engagement
* Present policies, procedures, and technical evidence directly to external auditors.
* Provide structured walkthroughs of systems, processes, and compliance narratives.
* Respond to auditor inquiries with clear, technically accurate explanations.
* Defend evidence positions using regulatory language and documented standards.
* Manage follow‑up requests and supplemental documentation throughout the audit lifecycle.
Required Qualifications
* Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, Accounting, or related field.
* 3+ years of experience in IT audit, compliance, or GRC functions.
* Direct experience supporting or leading:
o HITRUST CSF certification
o PCI DSS compliance initiatives
o SOC 2 Type I and Type II audits
* Demonstrated experience interpreting regulatory frameworks and translating them into internal compliance requirements.
* Experience coordinating multi‑departmental evidence collection efforts.
* Experience presenting documentation and responding directly to external auditors.
* Strong documentation, organizational, and stakeholder management skills.
Preferred Qualifications
* Professional certifications such as: CISA, CRISC, CISSP, PCI ISA, or HITRUST CCSFP.
* Experience with compliance automation or GRC platforms (e.g., Archer, ServiceNow GRC, Vanta, Drata).
* Familiarity with cloud environments (AWS, Azure, GCP) and cloud security controls.
* Understanding of HIPAA, NIST CSF, ISO 27001, or other regulatory frameworks
#J-18808-Ljbffr