An entertainment company in New York City is actively seeking a driven and analytical professional to join their staff in a remote capacity as a Senior Compliance Analyst. In this role, the Senior Compliance Analyst will ensure adherence to PCI, SOX, and SOC 2 Type II control frameworks and work with stakeholders across the business to collect evidence and validate that all control requirements are met.
Responsibilities:
- Familiarity with major areas of technical compliance, including access management (including UARs), asset management, secure development lifecycle, encryption, segregation of duties, secure configuration management, vulnerability management, secrets rotation, etc.
- Research and recommend security best practices for cloud-based services and infrastructure.
- Assess compliance across AWS, GCP, and Azure environments, including EC2 instances, databases, and storage.
- Evaluate security and compliance for containerized environments (Kubernetes, Docker, etc.).
- Collaborate on strategies to automate compliance monitoring for cloud environments.
- Partner with DevOps and security teams to ensure compliance is integrated into CI/CD pipelines (GitHub, Jenkins, Terraform, Atlantis).
- Help build Compliance as Code and Policy as Code capabilities.
- Identify solutions to automate compliance evidence collection for tools and pipelines.
- Support internal and external audits, ensuring controls are properly implemented and evidenced.
- Develop technical documentation to align with compliance requirements.
- Track compliance requests, deliverables, and key project milestones.
Qualifications/Requirements:
- 5+ years of direct experience (i.e. not just project management) in technical compliance, cyber security, or cloud governance.
- Must have experience collecting and analyzing evidence for controls.
- Hands-on experience with PCI DSS, SOX, and/or SOC 2 Type II compliance frameworks.
- Strong understanding of cloud platforms (AWS, GCP, Azure) and security best practices.
- Experience with Kubernetes, Docker, and container security.
- Familiarity with CI/CD tools (GitHub, Jenkins, Terraform, Atlantis).
Desired Skills:
- Experience with API development and scripting for compliance automation is a plus.
- Knowledge of ServiceNow, CMDBs, and risk management platforms (e.g., LogicGate Risk Cloud) is a plus.
- Prior experience at a Big 4 consulting firm (Deloitte, PwC, EY, KPMG) is a huge plus.
- Strong problem-solving and analytical skills.
- Attention to detail and ability to effectively communicate status and roadblocks for compliance areas.
- A passion for technology, security, and compliance in a fast-paced environment.
- Effective research, documentation, and organizational skills.
- Excellent communication skills and ability to present to leadership.
- Deadline-focused and willing to escalate to leadership if encountering blockers.
- Collaborative mindset with a willingness to explore new solutions.