Job Description - Lead Cybersecurity Compliance Management Analyst

Role Summary

The Lead Cybersecurity Compliance Management Analyst supports the execution and ongoing operation of the organization's cybersecurity compliance program. This role is responsible for performing compliance assessments, control testing, evidence management, audit support, and remediation tracking across cybersecurity domains. The analyst partners closely with Cyber Engineering, GRC, Risk Management, Internal Audit, Privacy, and IT teams to maintain audit readiness and regulatory compliance.

Cybersecurity Compliance Execution

• Execute cybersecurity compliance activities aligned to frameworks such as HIPAA, NIST CSF, NIST 800-53, ISO 27001, CIS Benchmarks, PCI-DSS, and SOX.
• Support periodic compliance assessments across applications, infrastructure, cloud, and security platforms.
• Interpret regulatory and security requirements and map them to applicable controls.
• Maintain compliance trackers and posture dashboards.

Control Assurance & Testing

• Support control documentation, walkthroughs, testing, and evidence validation.
• Perform control effectiveness testing and maturity assessments.
• Identify control gaps and support remediation planning.
• Track remediation progress and validate closure.

Policy, Standards & Governance Support

• Support maintenance and periodic review of cybersecurity policies and standards.
• Ensure alignment with regulatory requirements and industry frameworks.
• Support compliance governance forums and exception tracking.
• Maintain control libraries and documentation repositories.

Audit & Regulatory Support

• Support internal and external audits and regulatory examinations.
• Collect, validate, and manage audit evidence.
• Track audit findings, management action plans, and closure status.
• Coordinate with stakeholders for timely audit responses.

Reporting & Continuous Improvement

• Maintain compliance metrics, dashboards, and status reporting.
• Analyze trends in findings and recurring issues.
• Support process improvement and automation initiatives.
• Leverage GRC tools such as ServiceNow GRC.

Required Skills & Experience

• 69 years of experience in cybersecurity compliance, GRC, risk management, or audit support roles.
• Working knowledge of frameworks such as HIPAA, NIST, ISO, PCI, and CIS.
• Experience with compliance assessments, audits, and control testing.
• Familiarity with GRC tools (ServiceNow GRC preferred).
• Strong analytical and documentation skills.

Preferred Qualifications

• Experience in healthcare or other regulated industries.
• Exposure to policy lifecycle management and control frameworks.
• Certifications or progress toward CISA, CRISC, CISM, CISSP, or ISO 27001.

Behavioral & Professional Competencies

• Strong attention to detail and audit discipline.
• Ability to translate regulatory requirements into actionable controls.
• Strong written and verbal communication skills.
• Collaborative and continuous improvement mindset.