
Senior Security Compliance Analyst

Management Resources Group LLC
Schertz, Texas, United States
Full-time
$90,000 per year

Job Description


As the Senior Security Compliance Analyst, you are a vital member of the Security team, spearheading Governance, Risk, and Compliance (GRC) programs across a sophisticated, cloud-first enterprise environment. This role requires robust experience in risk-based security assessments, audit management, and multi-framework regulatory compliance—including expertise with HITRUST, HIPAA, and SOC 2. You will champion the automation of security controls, process innovation, and strategic cross-functional partnerships, thereby ensuring the protection of sensitive data, sustaining audit readiness, and advancing a proactive security and compliance culture.

Requirements

Key Responsibilities

- Lead Regulatory Audit Initiatives: Strategically direct and execute SOC 2 Type 2, HITRUST, HIPAA, and other third-party audit engagements. Manage the full lifecycle of compliance audits, from planning through remediation, including the facilitation of cross-departmental collaboration, evidence coordination, interviews, and tracking of findings through to closure.

- Risk Management for Cloud Platforms: Drive and perform comprehensive risk assessments across multi-cloud environments. Ensure controls are aligned with frameworks such as NIST CSF, NIST SP 800-53, ISO/IEC 27001, and governance frameworks.

- HITRUST Program Ownership: Champion Nexus’s HITRUST CSF program; conduct maturity and baseline assessments and monthly audits; identify control deficiencies; evaluate readiness for HITRUST R2; and partner with internal and external stakeholders to drive certification efforts.

- Customer Assurance & RFI/RFP Support: Develop, maintain, and automate a centralized security knowledge base for accelerated and consistent responses to client security questionnaires, RFPs, and assurance requests.

- Regulatory & Data Governance Compliance: Assess and strengthen compliance posture with all relevant federal and state data protection requirements (e.g. HIPAA, HITECH, HITRUST), and lead the development of data governance policies and risk mitigation strategies.

- Third-Party & Vendor Risk Management: Lead and enhance due diligence, onboarding, and continuous monitoring for third-party security risk. Maintain and improve tools and processes for ongoing vendor risk assessments.

- Process Innovation & Automation: Identify, design, and implement workflow automation opportunities and integration of new compliance solutions. Champion technology-driven process improvements to maximize efficiency in audit, investigation, and reporting activities.

- Continuous Program Improvement: Monitor, analyze, and communicate emerging regulatory requirements, threat landscape changes, and best practices in cloud security and compliance. Proactively adapt Nexus’s compliance programs to maintain leading-edge posture.


Qualifications and Skills:

- Bachelor’s degree; Master’s degree (MSc, MBA, or equivalent) preferred.

- 6+ years of progressive experience in security compliance, GRC, IT audit, or IT risk assessments.

- Industry certifications required: Certified Information Systems Auditor (CISA) and Project Management Professional (PMP) or an equivalent project management certification.

- Demonstrated experience leading or managing compliance audits and assessments for SOC 2, HIPAA, HITRUST; experience with FedRAMP, ISO 27001, or other frameworks a plus.

- In-depth knowledge of HIPAA, HITECH, and other security and data protection regulations.

- Proven success in cross-functional leadership, project management, and agile delivery of results in high-growth, fast-changing technology organizations.

- Outstanding written and verbal communication skills, including the ability to interface effectively with all levels of technical and business stakeholders.

- Ability to exercise sound judgment, manage sensitive and confidential information, and provide clear direction in ambiguous situations.

- Commitment to ongoing professional development and maintaining relevant security, audit, and cloud compliance certifications.


Position Demands:

This position requires sitting, bending, and stooping for up to 8 hours per day in an office setting. Ability to lift and move objects weighing up to 10 lbs. Ability to learn technical material. The person in this position occasionally needs to move about inside the office to access filing cabinets, office machinery, etc. Must be able to operate a computer and other office productivity machinery such as a calculator, copy machine, printer, etc. The person in this position frequently communicates with guests, team members, and vendors and must be able to exchange accurate information.


Equal Employment Opportunity (Our EEO Statement)

The Company is a veteran-owned Company and provides Equal Employment Opportunities (EEO) to all Team Members and applicants for employment without regard to race, color, religion, sex, sexual orientation, gender (including gender identity), pregnancy, childbirth, or a medical condition related to pregnancy or childbirth, national origin, age, disability, genetic information, status as a covered veteran in accordance with applicable federal, state, and local laws, or any other characteristic or class protected by law and is committed to providing equal employment opportunities. The Company complies with applicable state and local laws governing non-discrimination in employment. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, promotion, discharge, pay, fringe benefits, membership, job training, classification, and other aspects of employment. Team Members who believe they are the victims of discrimination should immediately report the concern to their Supervisor and Human Resources Department. Discrimination and harassment will not be tolerated.


We are committed to creating an inclusive environment for all Team Members and applicants. We value the unique skills and experiences that veterans bring to our team and encourage veterans to apply.


Disclaimer

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of our personnel. All team members may be required to perform duties outside of their normal responsibilities from time to time, as needed.
