IT Compliance Analyst

SpecterOps is searching for a junior to mid-level IT Compliance Analyst to join our Compliance team, working to ensure that our business practices align with the compliance frameworks the company currently operates within. This position will aid in the growth and development of the Compliance team and IT solutions used to maintain the Compliance program. This role reports directly to the IT Compliance Manager.

This position’s primary duty will be supporting and documenting the use of IT solutions leveraged to manage various Compliance tasks in ensuring the availability, confidentiality, and integrity, of SpecterOps organizational data and systems.  

• →Manage incoming security questionnaires and customer assurance requests and assessments end-to-end, coordinating with Engineering, Security, and other internal stakeholders to provide accurate, timely responses
• →Maintain and update the customer assurance knowledge library and trust center documentation to ensure content is current and accurate
• →Review incoming contracts and identify compliance-related requirements, obligations, or risks, escalating findings to Legal as appropriate
• →Support the development and maintenance of reusable response frameworks and standard documentation to improve the efficiency of the customer assurance process
• →Execute recurring compliance activities within assigned control domains, including evidence collection cycles, control attestations, and scheduled review tasks
• →Manage findings and evidence renewals in the GRC platform, ensuring controls remain current and audit-ready
• →Daily monitoring of compliance IT solutions for the identification and resolution of out of compliance end users, devices, and other company assets
• →Contribute to the development, review, and maintenance of company policies, security controls, and supporting documentation
• →Support the preparation for and completion of internal and external compliance audits, including evidence gathering and auditor coordination within assigned scope
• →Stay current on the evolution of relevant compliance frameworks and communicate changes to team members and leadership
• →Perform vendor due diligence and compliance reviews for vendor evaluation requests, documenting findings and requirements in relevant systems
• →Coordinate with SecOps to review vendor risk findings and track remediation to resolution
• →Support the continuous improvement of vendor risk assessment processes and documentation standards
• →Stay up to date on the evolution of compliance frameworks, providing updates to team members, departments, and management when changes occur
• →Educate and train team members, departments, and management on security best practices that align with compliance frameworks
• →Additional duties as assigned

• 1-5 years of experience in IT Security, Compliance, Operations, or other technical, customer-facing roles within the tech industry
• Ability to quickly learn new technologies and have an ongoing desire to stay current with the latest developments in Compliance
• Strong attention to detail and written and oral communication skills
• Ability to organize and prioritize groups of tasks
• Desire to embody our core values of passionate curiosity, consistent improvement, empathy, sustainability, humility, and empowerment through transparency.
• Successfully complete a criminal background investigation
• Ability to work west coast hours
• Travel: up to 25%

• Bachelor of Science in Computer Science or related field is preferred
• Experience with compliance IT solutions like Conveyor and Drata
• Experience with compliance audits, working with external auditors
• Experience administering Active Directory or Azure
• Experience with open-source BloodHound, BloodHound Enterprise, or BloodHound CE