Position Title:
IT Compliance and Security Analyst (Full-time, Non-exempt)
Who You’ll Report to: Senior Director of Information Technology
Job Description
The IT Compliance and Security Analyst works closely with both the Compliance and IT departments to strengthen security controls, mitigate risk, and ensure alignment with privacy and security standards. This role collaborates across departments to identify control gaps, support audits, and maintain policies, procedures, and technologies that protect the organization’s networks, systems, applications, and data. Acting as a trusted partner to business units, the analyst ensures that privacy and security controls are effective and aligned with industry best practices. Additionally, the role supports day-to-day security operations by monitoring alerts, tools, and activities, and works alongside the Security Officer to help maintain the overall integrity of the organization’s security posture.
Key Responsibilities:
Security Monitoring & Analysis:
- Monitor network activity and perform intrusion detection analysis using tools such as IDS/IPS, firewalls, and Managed Detection & Response (MDR) services.
Audit Logging & Monitoring: Ensure that audit logging and monitoring activities are performed according to established timeframes, including but not limited to:
- Application firewall alerts
- Vulnerability scans and related alerts
- File integrity monitoring (FIM)
- Rogue wireless network alerts
- Access and privilege reviews
- Administrator and operator activity logs
- Message transmission logs
- System, application, and server activity logs
Audit & Compliance Participation: Support and actively participate in internal and external audits, compliance reviews, and regulatory initiatives such as:
- Business Continuity and Disaster Recovery planning
- Privacy and security policy evaluations
- Effectiveness assessments and continuous improvement efforts
Security Standards & Communication:
- Maintain up-to-date knowledge of external audit requirements and security control standards. Communicate updates across departments and ensure shared responsibility for audit and compliance activities.
Vulnerability Management:
- Conducting internal and external vulnerability scans and penetration testing
- Documenting and tracking remediation efforts
- Monitoring threat intelligence sources for emerging vulnerabilities and patches
- Taking a risk-based approach to assess and prioritize remediation
- Recommending mitigation strategies to appropriate stakeholders
Security Incident Response:
Serve as the initial point of contact for evaluating and triaging security incidents. Conduct technical investigations, perform root cause analyses, and coordinate with stakeholders to implement corrective actions.
Risk Assessments:
Participate in enterprise risk assessments, including vendor and third-party risk evaluations. Support security reviews of entities that connect with or transmit PHI/PII through Vimly’s systems.
Security Tool Evaluation:
Collaborate with the Senior Director of Information Security, IT, and Compliance teams to assess and improve security tools, configurations, policies, and procedures.
Security Training:
Ensure that security training content is current, comprehensive, and aligned with Vimly’s environment, controls, and industry best practices.
Additional Duties:
Perform other duties and responsibilities as assigned.
Qualifications:
- BA/BS degree in computer engineering or related field OR equivalent work experience in information technology
- Knowledge of information security standards and the importance of information security in ensuring ongoing mission-critical business functions
- Knowledge of information risk concepts and principles, and relating business needs to security controls
- Knowledge of the principles, practices, theories and concepts of information security related to network, workstations, servers, and applications.
- CISA, CIA, CISM, or CISSP certification or similar program that enhances the expertise necessary to be successful for this position.
What Will Help You Excel:
- High level of integrity and determination to act in the best interest of Vimly, regardless of popularity of position
- Alignment with Vimly’s core values, fundamentals and strategic goals
- Demonstrates and maintains a high degree of professionalism
- Supports and acts in accordance with Vimly's customer service standards
- Excellent interpersonal and communication skills to foster cooperation amongst business partners
- Cross-functional and departmental collaboration skills
- Demonstrated project management, analytical, and problem-solving ability
- Ability to work independently with minimal daily direction from manager
- Adaptable, flexible, works well under pressure, and able to work well under ambiguity
- Self-starter, multitasker and follows through on tasks
- Driven by results and able to quickly conquer the learning curve
- Strong attention to detail