An entertainment company in New York City is actively seeking a driven and analytical professional to join their staff in a remote capacity as a Senior Compliance Analyst. In this role, The Senior Compliance Analyst will ensure adherence to PCI, SOX, and SOC 2 Type II control frameworks and work with stakeholders across the business to collect evidence and validate that all control requirements are met.
Responsibilities:
- Familiarity with major areas of technical compliance, including access management (including UARs), asset management, secure development lifecycle, encryption, segregation of duties, secure configuration management, vulnerability management, secrets rotation, etc.
- Research and recommend security best practices for cloud-based services and infrastructure.
- Assess compliance across AWS, GCP, and Azure environments, including EC2 instances, databases, and storage.
- Evaluate security and compliance for containerized environments (Kubernetes, Docker, etc.).
- Collaborate on strategies to automate compliance monitoring for cloud environments.
- Partner with DevOps and security teams to ensure compliance is integrated into CI/CD pipelines (GitHub, Jenkins, Terraform, Atlantis).
- Help build Compliance as Code and Policy as Code capabilities.
- Identify solutions to automate compliance evidence collection for tools and pipelines.
- Support internal and external audits, ensuring controls are properly implemented and evidenced.
- Develop technical documentation to align with compliance requirements.
- Track compliance requests, deliverables, and key project milestones.
Qualifications/Requirements:
- 5+ years of direct experience (i.e. not just project management) in technical compliance, cyber security, or cloud governance.
- Must have experience collecting and analyzing evidence for controls.
- Hands-on experience with PCI DSS, SOX, and/or SOC 2 Type II compliance frameworks.
- Strong understanding of cloud platforms (AWS, GCP, Azure) and security best practices.
- Experience with Kubernetes, Docker, and container security.
- Familiarity with CI/CD tools (GitHub, Jenkins, Terraform, Atlantis).
Desired Skills:
- Experience with API development and scripting for compliance automation a plus.
- Knowledge of ServiceNow, CMDBs, and risk management platforms (e.g., LogicGate Risk Cloud) is a plus.
- Prior experience at a Big 4 consulting firm (Deloitte, PwC, EY, KPMG) is a huge plus.
- Strong problem-solving and analytical skills
- Attention to detail and ability to effectively communicate status and roadblocks for compliance areas.
- A passion for technology, security, and compliance in a fast-paced environment.
- Effective research, documentation, and organizational skills.
- Excellent communication skills and ability to present to leadership.
- Deadline focused and willing to escalate to leadership if encountering blockers.
- Collaborative mindset with a willingness to explore new solutions.
