IT Compliance Analyst

Overview

The Senior IT Analyst will play a critical role in ensuring Quarterhill’s compliance with key regulatory frameworks, such as PCI and SOC 1&2. This role demands strong technical writing skills to produce clear, comprehensive documentation for both internal stakeholders and external auditors. The analyst will work closely with external security and compliance vendors to conduct risk assessments, address audit findings, and continuously improve the organization’s security and compliance posture.

Responsibilities

• Risk Assessment & Compliance
• Collaborate with security and compliance vendors to plan and support annual risk assessments, ensuring alignment with PCI, SOC 1, and SOC 2 (Type 1 and Type 2) reporting requirements.
• Evaluate the organization’s current and future compliance with NIST 2.0, GDPR, and ISO 27001 standards, recommending improvements where needed.
• Technical Writing & Cross-Functional Collaboration
• Leverage strong technical writing skills to create policies, procedures, and audit deliverables that clearly map requirements to controls.
• Collaborate with cross-functional teams (e.g., IT, Finance, Operations) to ensure timely delivery of contractual obligations and security requirements.
• Review and evaluate client proposal requirements to align them with current security compliance standards and best practices.
• Audit Coordination & Documentation
• Review, document, and maintain IT key controls, identifying exceptions and deficiencies.
• Convert findings into trackable remediation deliverables, coordinating with cross-functional teams to implement corrective actions.
• Drive internal and external audits to completion, managing timelines and ensuring quality deliverables.
• Maintain comprehensive and accurate documentation of all audit activities, ensuring evidence integrity and traceability.
• Issue Management & Reporting
• Identify and maintain a list of compliance risks, actively tracking mitigation plans and escalations.
• Present findings, recommendations, and status updates in both written and verbal formats to leadership and stakeholders.
• Produce customer-facing compliance documentation and address security-related inquiries from clients or partners.
• Project & Time Management
• Manage multiple, simultaneous compliance projects, ensuring timely, high-quality outcomes.
• Proactively communicate project status, risks, and dependencies to leadership and team members.
  
  

This list of responsibilities may not reflect all tasks that you may be required to perform in this role.

Qualifications

Basic Qualifications

• Bachelor’s degree in Computer Science, Technical Writing, Business, or a related field is mandatory. Equivalent military experience (e.g., communications or cyber-MOS) is a plus.
• 3-5 years of experience in IT auditing, corporate internal audit, or professional technical writing with a focus on compliance or security.
• U.S. work authorization without the need for sponsorship.
  
  

Preferred Qualifications

• Technical Skills
• Proficiency with MS SharePoint, MS Excel, and MS Word is essential.
• Understanding of computer and software development life cycles (SDLC) required.
• Industry Experience
• Transportation industries a plus.
• At least two full document deliverable life cycle in technical domains.
• Compliance & Audit Expertise
• Proven ability to document audit findings clearly and concisely while maintaining proper evidence.
• Experience conducting root cause analysis for control deficiencies and driving remediation.
• Additional Certifications (Optional)
• CISA, CRISC, or ISO Lead Auditor certifications are advantageous but not required.
• Familiarity with NIST 800-53, ITIL, or other frameworks is a plus.
  
  

Benefits

We offer a Total Rewards plan designed with you and your family’s health and wellness in mind that includes:

• Paid days off (i.e. vacation, sick days, bereavement leave)
• Health and Dental plans
• Retirement plans
• Employee and Family Assistance Program (EFAP)
• Employee referral program
  
  

We welcome applicants from all backgrounds, regardless of race, color, religion, sex, veteran status, sexual orientation, gender identity, national origin, age, or disability or any other protected characteristics in accordance with applicable federal, state/provincial, and local laws. We're committed to creating a workplace where everyone feels valued and respected.

We appreciate all responses and will acknowledge only those being considered for an interview.

We respectfully request no calls or unsolicited resumes from Agencies.