It Compliance Analyst

Description:

The IT Compliance Analyst will contribute to efforts intended to support Elligo’s compliance, security, and risk management objectives. Primary functions include performance and analysis of IT control activities, management of relevant policies and SOPs, providing consultative support to stakeholders, responding to information requests, and representing IT as a subject matter expert in audits. The IT Compliance Analyst will ensure that systems, applications, and processes align with internal policies, industry standards, and regulatory requirements.

ESSENTIAL DUTIES:

• Support compliance initiatives specific to relevant regulations and frameworks (e.g. NIST, HIPAA, FDA, SOC-2).
• Assess, evaluate, and make recommendations regarding the adequacy of the security/ IT controls for Elligo's environment and business objectives.
• Perform periodic access reviews and other identified control activities.
• Create and report on remediation plans and progress for all identified IT control deficiencies.
• Author or collaborate on technology-oriented policies, SOPs, and work instructions with business owners and technical leads to ensure alignment with corporate policies, industry standards, and regulations.
• Support business owners and technical leads to ensure software acquisition, implementation, and development align with SOP and policy requirements.
• Govern the process of compiling validation package documents for new systems. Retrospectively review validation packages for compliance with corporate policies, industry standards, and regulations. Design ongoing quality reviews and maintain validation/SDLC documentation for systems.
• Coordinate IT responses to customer requests for information, including customer audits, vendor qualifications, risk assessments and regulatory inspections. Maintain a list of responses to frequently asked questions.
• Participate in customer audits and regulatory inspections. Collaborate with Quality Assurance to execute internal and external audits. Represent IT as subject matter expert including controls, security, and privacy.
• Responsible for the maintenance of the IT application inventory.
• Monitor and maintain a list of system-specific licensing, working with Legal and business owners to ensure our agreements are fulfilled.
• Maintain a working knowledge and reference library of technical quality guidance from NIST, FDA, US-HHS, EMA, International Council for Harmonization of Technical Requirements, and other regulatory authorities.
• Support review and reconciliation of departmental expenditures to provide budgetary input for functional leads and VP, Information Technology.

SUPERVISORY RESPONSIBILITIES:

None

Requirements:

QUALIFICATIONS:

• Proficient knowledge of general concepts of internal controls, risk assessments and information security.
• Proficient experience with auditing techniques, compliance tools, and control environments.
• Experience in formalizing process flows, procedures, and policies.
• Proficient knowledge of security, compliance, and regulatory requirements related to HIPAA, data privacy, clinical research, and corporate proprietary information.
• Experience with cloud governance, applications, and infrastructure.
• Experience with NIST, SOC 2, HITRUST, GAMP, and/or ISO 27001 is preferred.
• Must be able to research and offer opinions, conclusions and solutions based on the research.
• Clear and concise written and oral communication skills, including the ability to present ideas and suggestions clearly and effectively.
• Ability to collaborate effectively and professionally with functional groups and different levels of employees throughout Elligo to achieve results.
• Ability to accomplish multiple tasks within the agreed-upon timeframes through effective prioritization of duties and functions in a fast-paced environment.
• Self-motivated; able to work with minimal direct supervision to complete tasks, respond to requests, escalate appropriately, and collaborate with others to provide actionable solutions.

EDUCATION AND EXPERIENCE:

• Bachelor’s degree in computer science, systems analysis, computer security or a related field.
• Minimum 3-4 years of experience in IT risk and compliance management, IT auditing, or a similar control function environment
• Position-relevant continued education such as certifications is desirable.