IT Compliance Analyst

Job Description: IT Compliance Analyst

Overview:

Ensure the organization’s IT systems, processes, and services comply with current and emerging standards, including information security, IT service management, and AI governance. Conduct compliance reviews, risk assessments, audits, and report KPIs to support continuous improvement and alignment with evolving regulatory and industry requirements.

Key Responsibilities:

• Standard management

o Ensure IT systems and processes comply with standards such as ISO 27001, ISO 20000, ISR, PCI DSS, ITIL, and AI compliance requirements.

o Document and periodically review IT and AI policies and procedures related to ISMS, ITSMS, and AI governance frameworks.

• Risk Management:

o Conduct IT risk assessments to identify potential security and service risks, and collaborate with process and system owners to define, implement, and monitor effective controls to mitigate these risks.

• Audit Management

o Identify non-compliance issues, prepare root cause analysis, and ensure timely development and implementation of remediation plans.

o Participate and coordinate in all internal and external IT audits (ISMS, ITSMS, or other compliance audits).

• Training & Awareness

o Develop and deliver training programs on information security and IT service management best practices, fostering a culture of compliance and ensuring employees understand their responsibilities in maintaining IT governance.

• Performance Monitoring & Reporting

o Define, measure, and report IT compliance and control effectiveness metrics (KPIs) to management.

o Develop dashboards and reports using Power BI or similar visualization tools to communicate compliance performance and trends.

• Process Controls & Continuous Improvement

o Coordinate with process owners to ensure IT internal controls are implemented, maintained, and aligned with documented standards, and work with relevant stakeholders to remediate any deficiencies identified through monitoring or audit processes.

• GRC System Management

o Utilize GRC tools to automate audit findings tracking, remediation management, risk assessments, and policy lifecycle reviews.

o Support integration of compliance processes into digital governance platforms.

Required Skills & Qualifications:

• Educational Background: Bachelor’s degree in information technology, Computer Science, or a related field.
• Experience: 5 years of experience in IT Governance, Risk management, or a similar role.
• Technical Knowledge: Highly proficient IT skills in Word, Excel, PowerPoint, MS Visio, ITSM tools, Power BI, GRC tools and Familiarity with IT systems cybersecurity principles, and IT compliance frameworks.
• Communication Skills: Excellent verbal and written communication for reporting, audit coordination and training purposes.
• Certifications (Preferred): CISA, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor/Auditor, ITIL Foundation, or other relevant IT governance, risk, security, or compliance certifications.

Key Competencies:

• Attention to detail and accuracy.
• Problem-solving and critical thinking.
• Ability to work independently and collaboratively.
• Strong organizational and time-management skills.