IT Compliance Analyst

IT Compliance Analyst

Synerfac is seeking an IT Compliance Analyst. For over 60 years, our client has tackled some of the most complex industrial machining and fabrication projects in the world. With a relentless focus on quality, cutting-edge technology, and a team of skilled professionals, they deliver exceptional solutions to customers across the globe. As an IT Compliance Analyst, you will be responsible for monitoring and recording the compliance of our corporate IT security program (CMMC Level 2). This role requires a sharp eye for detail and a deep understanding of regulatory requirements. You will be a contributor in the development and maintenance of corporate policies and procedures, ensuring they remain in full compliance with federal regulation. Key responsibilities include researching and anticipating new regulations, conducting periodic reviews of existing protocols, investigating potential breaches, and ensuring all documentation is meticulously maintained for audits. This is a vital position for a professional dedicated to upholding the highest standards of security and compliance. The IT Compliance Analyst position will support and participate in the day-to-day operations of the company but is not expected to perform IT tasks, nor are they required to be an IT professional. Responsibilities and Functions: The IT Compliance Analyst is responsible for ensuring personnel and programs adhere to the corporate IT security program (CMMC Level 2). Additionally, this person assists in the development and maintenance of corporate policy and procedures in order to comply with federal regulation. This involves researching upcoming changes to regulation, periodically reviewing existing procedures, reviewing suspicious activities, reporting breaches of protocol, and maintaining records for auditing. - Monitor auditing software used in environment. - Review reports and escalate to IT personnel for resolution as necessary. - Periodically audit business functions for compliance. - Participate in incident response and make reports detailing actions taken. - Solicit feedback from personnel and work with IT to address employee concerns. - Review IT tickets to provide guidance on corporate policy to IT technicians as needed. Report on conflicts arising within the IT environment and work alongside system owners and techs to find compliant complaint solutions. - Participate in risk management reviews and produce reports of actions taken. - Work with IT personnel, consultants, and internal stakeholders to develop and revise information security procedures and policies. - Assist with reviewing and remediating items found during audits, both internal and external. - Monitor and manage hardware and software baselines, including managing inventory of existing assets. - Comply with company policies and procedures, as well as applicable laws, regulations, and statutes issued by federal agencies such as DoD, DOS, and DOJ, including, but not limited to, CMMC and ITAR.

Required Qualifications: The IT Compliance Analyst must have the ability to analyze, research, and resolve questions and possess the ability to learn quickly and adjust to technological changes. The ideal candidate must have the following skills & qualifications: - Excellent communication, documentation skills, and the ability to understand and explain technical details to technical and non-technical audiences is required to be successful. - Ability to effectively communicate on complex issues with a high level of effectiveness. - The ability to work in a team, present a trustworthy image, and deal effectively with others is required. - Strong reading comprehension, research, analytical, and testing skills. - Experience with ISO 27001 ISMS, HITRUST, or CMMC compliance programs is strongly preferred. - Four (4) years of directly relevant experience or a bachelor's degree in a related field is required. - ISACA Cybersecurity Fundamentals certification is required within 18 months. Due to the critical nature of data security, each employee has the responsibility to protect company and government data. Employees have legal and regulatory obligations to respect and protect the privacy of information and its integrity and confidentiality. Guidance is contained in the company information security policies. Violations of policy may result in disciplinary action, up to and including termination.