Policy And Compliance Analyst

Quantum Metric

💵 $70k-$90k
📍Remote - United States

Summary

Join Quantum Metric as a Policy & Compliance Analyst and play a key role in supporting the organization’s compliance program for Cloud Operations, Security, Engineering, and Privacy. You will assist in tracking, improving, and maintaining the organization’s IT processes, ensuring they meet audit requirements. This role also supports the organization’s privacy and security strategy, coordinating compliance activities across departments. Responsibilities include supporting audit processes, completing customer security questionnaires, monitoring cloud operational metrics, and creating documentation. Quantum Metric values diverse backgrounds and experiences, focusing on the unique perspective you can bring. The company offers a remote-first work environment and numerous benefits.

Requirements

  • Bachelor's Degree in Computer Science, Information Security, or related field
  • Familiarity with and knowledge of relevant legal and regulatory requirements such as SOC 2, ISO 27001, HIPAA, and the Payment Card Industry Data Security Standard (PCI)
  • Excellent verbal, written, and organizational skills
  • Experience in IT compliance, Cloud technologies, security engineering, application security, and data privacy
  • Knowledge of information risk concepts and of relating business needs to security controls
  • Passion for working in a team-driven environment, with a commitment to continuous learning and professional growth

Responsibilities

  • Responsible for supporting our Risk Assessment, Internal Audit, SOC 2 + HITRUST, and ISO 27001 audit processes, helping with the continuous update and maintenance of compliance policies, and tracking compliance efforts
  • Assist in the completion of customer security and due diligence questionnaires, ensuring timely and accurate submissions
  • Monitor cloud operational metrics, working closely with the security team on policy alignment, and supporting the development of remediation strategies and mitigation controls for any identified compliance gaps or risks
  • Assist in leading company-wide initiatives around annual certification/audit objectives for SOC 2, HITRUST, ISO 27001, PCI, or other standards as needed, including working directly with external auditors to support audit efforts
  • Create and maintain documentation, such as policies and procedures
  • Obtain, review, and refine organizational IT policies, standards, and procedures to identify control points that would assist in mitigating risk to the business
  • Assist in the maintenance and accuracy of various compliance tools
  • Work through and lead customer security questionnaire requests
  • Ensure all information technology systems, activities, policies, and procedures fully comply with applicable laws, standards, and regulations
  • Work with Cloud Ops, Engineering and Information Security to ensure full and complete implementation of IT controls, standards and policies
  • Review test results or interpret evidence to address vulnerabilities, gaps, or control deficiencies; work with stakeholders to establish plans for sustainable resolution
  • Assist in the execution of IT & security risk assessments and conduct related ongoing compliance monitoring activities
  • Perform other tasks as necessary to ensure that compliance meets its commitments to stakeholders

Benefits

  • Medical, Dental, Vision Insurance (99% Medical base plan paid by the Company)
  • FSA, DCFSA, and HSA accounts
  • Employee Assistance Programs (EAP)
  • Telehealth options
  • Voluntary Life & AD&D, STD, LTD, Critical Illness and Accident
  • Healthy Rewards – Discount Programs
  • Discounts on Pet Insurance
  • 401k (with employer match) and Options / Equity
  • 13 company holidays
  • Unlimited Paid Time Off
  • Sick leave
  • Parental/Adoption Leave
  • Promotional opportunities
  • Rewards and recognition programs
  • Robust onboarding and training program
  • One-time stipend for work-at-home employees
  • Monthly business expense stipend
  • Flexible work environments
  • Employee Discount Program (Perks at Work)
  • Employee Referral Program
  • Lead Referral Program
  • MacBook and awesome swag delivered to your door
  • Encouraging and collaborative culture
  • Recharge Program (after 3 years, disconnect for 3 weeks, no email/Slack)
