Senior Compliance Analyst at Workfront
Lehi, UT, US

The Senior Compliance Analyst, reporting to the Manager, GRC, will help identify and manage company’s compliance regulatory, legislative, and contractual requirements. Responsibilities will include performing reviews, assessments and audits, conducting research, and facilitating communication to internal and external stakeholders where necessary. The position will monitor, coordinate, and implement policies, standards, procedures, controls, and guidelines to support security, compliance, and audit requirements.


Strategy and Planning

  • Improve existing compliance programs and processes.
  • Develop, review, and modify information security and privacy policies.
  • Ability to grow a program from a green field
  • Design and execute audit procedures to assess and measure company compliance with its security policies and procedures.
  • Monitor advancements in information privacy laws to ensure organizational adaptation and compliance.
  • Determine whether a security incident violates a privacy principle or legal standard requiring legal action.
  • Understanding of the three lines of defense for compliance and the ability to identify areas of improvement
  • Analytical and problem solving skills at both a micro and macro level

Compliance and Audit Assessments

  • Manages compliance testing and monitoring of current and future regulatory obligations, and other regulatory matters as required.
  • Conducts internal security risk assessments and security compliance audits.
  • Establishes security audit procedures relevant to ISO 27001, NIST 800-23, HIPAA, FedRAMP, HITRUST, SOC2 Type 2, SOX, etc.
  • Coordinates third-party audits.
  • Coordinate Security Awareness trainings
  • Oversee Third Party Vendor Risk Management


  • Develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
  • Collect, analyze, and prepare reports required for senior management, regulators, and other relevant stakeholders.
  • Document, investigate, and report cybersecurity compliance issues and incidents, where necessary.
  • Work with business leaders to ensure information security risk findings are reviewed and solutions are implemented.
  • Understand, develop, and deliver meaningful reports on the program state and adherence to frameworks and standards.
  • Lead the escalation and resolution of risk and compliance issues with appropriate stakeholders
  • Liaise with relevant parties to commission activities relating to contingency planning, business continuity management, and disaster recovery.


Position Requirements

Knowledge & Experience

  • 5+ years of corporate compliance experience
  • Significant knowledge of and experience with legal and regulatory compliance standards such as ISO 27001, NIST 800-23, HIPAA, HITRUST, FedRAMP, SOC2 Type 2, SOX, etc.
  • Experience with governance, risk, and compliance management.
  • Knowledge of computer networking concepts and protocols and network security methodologies.
  • Knowledge of risk management processes (e.g. methods for assessing and mitigating risk).
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of risk management processes.
  • Knowledge of specific operational impacts of cybersecurity lapses.

Personal Attributes

  • Results oriented, high energy, and self-motivated.
  • Ability to work well under minimal supervision.
  • Excellent verbal and written communication skills.
  • Ability to work in a team-oriented, collaborative environment.
  • Strong problem solving and analytical skills.
  • Ability to handle multiple competing priorities.
  • Ability to meet tight deadlines.