Information Technology Compliance Analyst

Remote, USA Full-time
Job Summary

The Information Technology Compliance Analyst supports and strengthens the Leavitt Group’s compliance posture across both central IT operations and the company’s distributed network of insurance agencies. This role focuses on advising teams, guiding compliance initiatives, facilitating governance processes, and helping ensure organizational alignment with regulatory, contractual, and industry-standard requirements (including HIPAA, SOC 2, and other recognized frameworks). The analyst partners with IT, HR, Legal, Operations, and agency leadership to assess compliance needs, recommend practical controls, and support continuous improvement efforts. This position also manages the IT compliance training program and leads the company’s Security Committee processes.

Key Responsibilities

Compliance Program Support & Advisory
· Provide guidance to IT teams to help align processes and controls with regulatory, policy, and audit requirements.
· Advise on compliance expectations related to HIPAA, SOC 2, NAIC-aligned cybersecurity principles, and general data protection standards.
· Support the maintenance of IT compliance documentation, including policies, control catalogs, risk registers, and audit evidence repositories.
· Conduct compliance assessments, monitor control effectiveness, identify gaps, and support remediation efforts—without directing or owning operational execution.

Agency Advisory & Certification Support
· Collaborate with agency leadership to evaluate whether pursuing certifications (e.g., SOC 2 or ISO-based frameworks) would benefit their business operations.
· Help agencies interpret certification requirements and understand “right-sized” controls appropriate for their environment.
· Assist agencies in designing practical, achievable control sets and participate in remediation planning where needed.

Governance & Security Committee Leadership
· Own and facilitate, in conjunction with the Security Team, the process, including agenda development, meeting facilitation, tracking action items, and providing updates to IT leadership.
· Coordinate input from IT, HR, Legal, and Operations to ensure comprehensive governance coverage.

Training Program Ownership
· Manage the full lifecycle of IT-related compliance training, including annual IT security training, HIPAA training, phishing/social engineering campaigns, and other mandated content.
· Develop and implement training assignments, monitor completion rates, and report metrics to leadership.
· Partner with HR to implement HR-directed training (e.g., anti-harassment), ensuring accurate assignment while HR owns content and audience decisions.

Vendor & Third-Party Risk Management
· Support vendor security due diligence processes, including reviewing SOC 2 reports, assessing control sufficiency, and identifying potential risks.
· Track vendor remediation items and follow up with responsible internal stakeholders.

Audit & Assessment Support
· Assist with internal and external audits, including evidence gathering, preparation, coordination with subject-matter experts, and documentation.
· Support regulatory inquiries and customer due-diligence requests as needed.

Reporting & Metrics
· Track, measure, and report on compliance and training KPIs, including trends, gaps, completion rates, and remediation progress.
· Provide clear, actionable reporting to IT leadership and other stakeholders.

Business Continuity Participation
· Contribute to maintaining and updating business continuity and disaster recovery documentation.
· Participate in exercises or reviews as requested (not responsible for operational response activities).

Continuous Improvement
· Stay current with evolving regulatory requirements and cybersecurity/compliance best practices within the insurance and financial services industry.
· Recommend updates to compliance processes, controls, and policy frameworks to enhance effectiveness and efficiency.

Qualifications

Education
· Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field preferred but not required.
· Professional certifications related to compliance are a strong plus.

Experience
· 2–5 years of experience in IT compliance, IT audit, information security governance, or a related field.
· Understanding of regulatory and industry frameworks such as HIPAA, SOC 2, NAIC cybersecurity principles, and general data protection standards.
· Experience supporting compliance certifications or external audits preferred.

Skills
· Strong analytical and problem-solving abilities with the ability to break down complex requirements into practical actions.
· Excellent written and verbal communication skills tailored to both technical and non-technical audiences.
· Ability to manage multiple tasks, deadlines, and stakeholders in a dynamic environment.
· Familiarity with compliance management tools, training/LMS platforms, or GRC solutions.
· High attention to detail and commitment to accuracy and completeness.

Work Environment
· Remote work environment with standard office equipment.
· Collaborates regularly with IT, HR, Legal, Operations, and agency leadership across the organization.

Travel
· Occasional travel will be required.

Job Type
· Full-time; reports to an IT Manager.

Work Location
· Remote

Job Type: Full-time
Pay: $70,000.00 - $90,000.00 per year

Application Question(s):
• Have you personally led or directly supported a company through a SOC 2 Type II audit within the last 3 years?
• Have you been responsible for collecting evidence, maintaining controls, and working directly with auditors during a SOC 2 Type II audit?
• Have you managed a company-wide cybersecurity training program (e.g., phishing simulations, mandatory annual training) and tracked employee compliance metrics?
• Have you been responsible for keeping public-facing websites compliant with state-level regulations?
• Are you familiar with state privacy laws such as CCPA/CPRA, Colorado, Virginia, Utah, and others, and have you applied them in a business environment?