Information Security Compliance Analyst


Quantam

Location: Frankfort, KY, USA

Date: 2024-12-20T17:04:39Z

Job Description:

Quantam Solutions provides IT solutions and consulting for various clients. We offer a competitive hourly wage, health benefits, paid time off, and a 401(k) plan. We're currently seeking an Information Security Compliance Analyst.

JOB DESCRIPTION:

We are seeking a motivated and detail-oriented Information Security Compliance Analyst to strengthen our compliance initiatives and ensure adherence to federal and state regulations. This mid-level role reports to the Information Security Compliance Manager and collaborates with the Chief Information Security Officer (CISO) and cross-departmental teams.

The ideal candidate will have strong experience with regulatory frameworks such as NIST 800-53 (Rev 4 & 5), FedRAMP, HIPAA, and IRS Publication 1075. They will also assist with audits, policy updates, risk assessments, and compliance monitoring. Excellent communication skills and the ability to engage with external agencies and diverse internal teams are critical for success in this role.

KEY RESPONSIBILITIES:

Regulatory Compliance & Framework Alignment

  • Lead compliance efforts with NIST 800-53, FedRAMP, IRS Publication 1075, HIPAA, and other federal/state regulations.
  • Conduct risk assessments, compliance gap analyses, and audits to identify areas for improvement.
  • Ensure adherence to privacy and security controls required by Social Security Administration, Medicare, and Medicaid.

Policy Development and Maintenance

  • Review, update, and maintain security policies and procedures to reflect current regulatory requirements and frameworks.
  • Provide input to ensure policies align with Minimum Acceptable Risk Standards for Exchanges (MARS-E) and continuous monitoring guidelines.

Audit and Monitoring Support

  • Assist with internal and external audits conducted by federal and state agencies.
  • Develop and maintain detailed documentation to support audit findings and resolutions.
  • Implement and oversee continuous monitoring practices to ensure compliance at all times.

Collaboration and Stakeholder Engagement

  • Collaborate with database, server, and other technical teams to align security practices with compliance needs.
  • Communicate effectively with external agencies (e.g., Social Security Administration, CMS, IRS) and internal teams to address compliance requirements.

GRC Tools and Compliance Automation

  • Utilize Governance, Risk, and Compliance (GRC) tools, such as Archer, to track and automate compliance processes.
  • Stay informed on emerging tools and technologies to enhance compliance efficiency.

Training and Awareness

  • Conduct training sessions and awareness campaigns to educate staff on compliance requirements and security best practices.
  • Promote a culture of accountability and proactive risk management across the organization.

REQUIRED QUALIFICATIONS:

Regulatory Knowledge: Strong understanding of compliance frameworks, including NIST 800-53 (Rev 4 & 5), FedRAMP, HIPAA, and IRS Publication 1075.

Technical Proficiency: Experience with Security Information and Event Management (SIEM) tools and compliance tracking systems like Archer.

Compliance and Audit Expertise: Demonstrated experience in conducting audits, risk assessments, and compliance gap analyses.

Policy and Procedure Development: Ability to document and maintain security policies and procedures to ensure ongoing compliance.

Communication Skills: Exceptional verbal and written communication skills, with the ability to present complex compliance requirements clearly.

Collaborative Experience: Ability to work with diverse teams, including technical, operational, and external stakeholders.

Incident Response Awareness: Fundamental understanding of incident response processes and their compliance implications.

PREFERRED QUALIFICATIONS:

Certifications: CISSP, CISM, CISA, Security+, GSEC, or equivalent certifications.

Education: Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience).

Government Experience: Familiarity with government compliance frameworks and requirements.

FedRAMP Knowledge: Understanding of FedRAMP requirements and their application in secure environments.

Cloud Security Awareness: Knowledge of cloud platforms and tools, with an emphasis on compliance in cloud environments.

KEY ATTRIBUTES:

Attention to Detail: Ability to manage and document complex compliance processes involving hundreds of policies and controls.

Resilience Under Pressure: Comfortable managing multiple projects and deadlines without being overwhelmed.

Proactive Problem-Solving: Aptitude for identifying risks and recommending practical solutions to improve compliance efforts.
