What is an IT Risk and Compliance Analyst?

An IT risk and compliance analyst monitors and evaluates IT, security, network, server and account user data. Their goal is to continually protect organizational assets, information and technologies. They seek to identify external threats and internal vulnerabilities in order to prevent or control them. IT risk and compliance professionals are part of IT security management teams who enforce best practices, authoritative standards and regulatory requirements. They enhance organizational information risk and compliance management programs. They may be involved in data policy, classification, management and assessment activities.

Basic Duties

IT risk and compliance analysts help IT management with the implementation of IT policies and procedures that support control objectives, information assurance and regulatory compliance activities. They analyze IT risks to understand appropriate and adequate control procedures that protect assets and deter attacks. They serve as information risk and control advisors to management by participating in IT security processes and activities. For example, they may be involved in the planning, development and selection of new enterprise resource planning software. They may implement both manual and automated IT administrative controls into existing processes and systems.

IT risk and compliance analysts use their knowledge of security risks and company objectives to identify and maintain tools that support information assurance, regulatory compliance and tracking activities. They may be asked to update and maintain IT control documentation, such as narratives and process flows, but they may also be asked to simplify and streamline complex information requests while saving time and maintaining compliance levels. IT risk and compliance analysts participate in data breach and security investigations. They may work with internal auditors and external regulators to ensure IT compliance.

Advanced Duties

Senior IT risk and compliance analysts may supervise information security, risk management or IT compliance teams. They work with management and chief information offers to promote and execute sustainable information security programs and strategies. They may train IT professionals on new IT security tools and techniques. Senior IT risk and compliance analysts may oversee staff who collect and review data to generate support analysis and risk reports. This means that they must track and supervise information security projects, tasks and risk assessments. They provide executives with updates and status reports relevant to ongoing IT security issues.

A senior IT risk and compliance analyst who works in a heavily regulated industry, such as finance or health care, will assess the level of compliance with state and federal government information security regulations. They will compare internal performance against internal policies, standards and best practices. They may classify and categorize the levels of compliance with information controls. To illustrate, they may evaluate compliance with SEC regulations for investment companies. They will evaluate compliance with HIPPA and ACA regulations for health care companies.

Related Resource: Jobs in Database Management

IT risk and compliance analysts will be expected to have a bachelor’s degree in computer science, systems engineering or management information systems. Senior positions will require a master’s degree and experience with enterprise-wide systems, policies and standards. Employers will want IT risk and compliance analysts to have experience or training in audits and risk assessments. Some employers will want IT risk and compliance analysts to have professional certifications like the Certified Information Systems Auditor (CISA) or the Certified Information Systems Security Professional (CISSP).