IT Infrastructure Compliance Analyst - Onsite

IT Infrastructure Compliance Analyst Department: Information Technology | FLSA Classification: Non-Exempt | Employment Type: Full Time

POSITION SUMMARY

The IT Infrastructure Compliance Analyst plays a critical role in ensuring compliance with organizational policies, regulatory requirements, cybersecurity standards, and governance frameworks across the IT environment. This position is responsible for monitoring compliance activities, supporting audit readiness, tracking control activeness, and coordinating remediation eAorts to reduce organizational risk. The role collaborates closely with Cybersecurity, Infrastructure, Application Support, Risk Management, and Audit teams to ensure controls are implemented, documented, monitored, and maintained in accordance with established standards. The IT Infrastructure Compliance Analyst helps drive continuous improvement in compliance processes while ensuring accurate reporting, audit preparedness, and adherence to Information Risk Management (IRM) requirements.

ESSENTIAL FUNCTIONS AND RESPONSIBILITIES

Primary duties are listed below. This list is illustrative, not exhaustive; additional duties may be assigned as business needs require.

Compliance Monitoring & Governance

• Monitor and track IT compliance activities to ensure adherence to organizational policies, regulatory requirements, and cybersecurity standards.
• Perform compliance reviews and control monitoring activities across IT infrastructure environments.
• Ensure compliance with Information Risk Management (IRM) policies, security standards, and governance requirements.
• Support policy compliance reviews and governance initiatives across technology teams.
• Assist in maintaining and improving compliance frameworks, processes, and procedures.
• Participate in periodic compliance assessments and control evaluations. Audit Support & Risk Management
• Support internal and external audits by collecting, validating, and maintaining compliance evidence.
• Assist with SOX audits, control assessments, cybersecurity reviews, and regulatory examinations.
• Maintain audit-ready documentation, ensuring evidence is accurate, complete, and readily available. Coordinate with technical teams to address audit findings and control deficiencies.
• Support risk assessments by identifying compliance gaps and assisting with mitigation planning.
• Track remediation activities and ensure timely closure of audit observations.

Control Tracking & Compliance Reporting

• Monitor required IT controls and ensure completion of assigned compliance activities.
• Track control eAectiveness and identify areas requiring remediation or improvement.
• Maintain compliance dashboards, scorecards, and reporting metrics.
• Generate weekly, monthly, and quarterly compliance reports for management and stakeholders.
• Provide visibility into control status, audit readiness, remediation progress, and risk posture.
• Ensure compliance activities meet established timelines and service level expectations.

Vulnerability & Remediation Management

• Support vulnerability remediation tracking and reporting activities.
• Coordinate with Infrastructure, Security, and Application teams to ensure timely remediation of identified vulnerabilities. Monitor remediation progress and escalate overdue findings as necessary.
• Validate closure of remediation activities and maintain supporting documentation.
• Assist with risk-based prioritization of compliance and security findings.
• Documentation & Process Improvement
• Maintain policies, procedures, standards, and compliance documentation.
• Ensure documentation is accurate, current, and audit-ready. Develop and maintain templates, trackers, and compliance reporting mechanisms.
• Identify opportunities to standardize and improve compliance processes.
• Support continuous improvement initiatives related to governance, risk, and compliance activities. Promote best practices for documentation, control management, and audit readiness.

MINIMUM QUALIFICATIONS

Education Bachelor's or Master's degree in Information Technology, Cybersecurity, Information Systems, Risk Management, Business Administration, Computer Science, or a related field; OR Equivalent combination of education, training, and relevant work experience. Experience  2–5 years of experience in IT Compliance, IT Audit, Risk Management, Cybersecurity Governance, Infrastructure Compliance, or related disciplines.  Experience supporting audits, compliance programs, control assessments, or risk management activities.  Experience working with IT infrastructure, cybersecurity, or governance frameworks is preferred.  Candidates with valid U.S. work authorization, including those eligible under STEM OPT, are encouraged to apply. Certifications (Preferred)  CompTIA Security+  Certified Information Systems Auditor (CISA)  Certified in Risk and Information Systems Control (CRISC)  Certified Information Security Manager (CISM)  ITIL Foundation  ISO 27001 Lead Implementer/Auditor (Preferred)

REQUIRED KNOWLEDGE, SKILLS, AND ABILITIES

Compliance & Governance Skills  Knowledge of IT compliance frameworks, governance practices, and risk management methodologies.  Understanding of regulatory requirements, audit processes, and cybersecurity controls.  Familiarity with SOX compliance, control testing, audit evidence collection, and remediation tracking.  Understanding of Information Risk Management (IRM) principles and control frameworks.  Knowledge of vulnerability management and remediation processes. Technical Skills  Understanding of IT infrastructure, operating systems, networking, cloud technologies, and cybersecurity concepts.  Familiarity with vulnerability management platforms, GRC tools, ServiceNow, Jira, or similar systems.  Experience maintaining compliance dashboards and management reporting.  Ability to analyze compliance data and identify trends, risks, and control gaps.  Proficiency with Microsoft Excel, reporting tools, and documentation management.

Professional Skills  Strong analytical and problem-solving abilities.  Excellent verbal and written communication skills.  Strong organizational and documentation skills.  Ability to manage multiple priorities and deadlines simultaneously.  Ability to collaborate eAectively with technical and non-technical stakeholders.  High attention to detail and accuracy.  Ability to work independently and drive initiatives to completion.

PHYSICAL REQUIREMENTS AND WORK ENVIRONMENT

The demands below are representative of those required to perform this role's essential functions. Reasonable accommodations will be made for qualified individuals with disabilities in accordance with applicable laws.  Regularly required to sit, stand, walk, and use computers and oAice equipment.  Work is performed primarily in an oAice or hybrid work environment.  May require occasional travel between oAice locations or client sites.  Ability to participate in audit meetings, compliance reviews, and cross-functional workshops.