IT Compliance Analyst

Summary

The IT Compliance Analyst is responsible for ensuring that the financial services group and its subsidiaries adhere to industry regulations, internal policies, and best practices related to IT compliance, audit, and cybersecurity risk management. Operating across multiple local and regional jurisdictions with distinct regulatory frameworks, this role demands expertise in cross-border regulatory compliance, data protection, IT governance, and risk management. The analyst will develop, implement, and oversee IT compliance programs that align with the organization’s business strategy and regulatory obligations.

Responsibilities

• • Ensure ongoing compliance with IT regulations, financial services laws, and data protection frameworks across multiple jurisdictions.
• • Develop, implement, and maintain IT governance policies aligned with international standards such as ISO 27001, NIST, COBIT, GDPR, JDPA, PCI-DSS, and ITIL.
• • Track and assess regulatory developments, ensuring timely updates to policies and compliance strategies.
• • Serve as a liaison with regulatory bodies, facilitating audits and ensuring all compliance reporting requirements are met.
• • Conduct IT risk assessments and proactively identify vulnerabilities and compliance gaps.
• • Monitor and evaluate the effectiveness of IT security and compliance controls.
• • Define and track key compliance metrics (KPIs) and guide remediation efforts across IT and business units.
• • Lead and support internal and external IT audits, ensuring timely execution and effective resolution of findings.
• • Perform self-audits and control testing to assess ongoing compliance and risk exposure.
• • Implement continuous improvements to audit processes and prevent recurring issues.
• • Assess third-party vendors for compliance with contractual and regulatory standards.
• • Collaborate with procurement and IT teams to enforce vendor compliance requirements, especially for cloud-based and outsourced services.
• • Support IT security incident response and ensure timely regulatory reporting of breaches.
• • Implement monitoring controls to detect, report, and remediate compliance violations.
• • Oversee compliance with data privacy regulations, including data classification, encryption, retention, and cross-border transfer controls.
• • Support privacy impact assessments and data protection initiatives in collaboration with legal and security teams.
• • Ensure IT alignment with business continuity and disaster recovery standards, including regular testing and risk assessments.
• • Monitor and report on system recovery objectives (RTO/RPO) for critical infrastructure.
• • Develop and deliver IT compliance and cybersecurity awareness training for staff.

Required Skills

• • Understanding of IT security principles, controls and related technologies.
• • Familiar with data privacy and other regulatory standards (i.e. NIST 800, ISO/IEC 27002, GDPR, PCI, ITIL, JDPA).
• • Capable of interacting with individuals of differing levels of experience and expertise.
• • Strong analytical, problem solving and decision-making skills.
• • Excellent presentation and communication skills, both written and verbal.
• • Excellent interpersonal, negotiation and mediation skills.
• • High level of initiative and flexibility.

Qualifications

• • Bachelors degree in Computer Science/Audit/IT Governance or related area.
• • Minimum three (3) years of relevant experience in a similar role; IT audit and risk management experience are considered an asset.
• • CISA, CGEIT and CIPM certifications or equivalent are desirable.

Share This Job