IT Compliance Analyst

Job Details

Description
The IT Compliance Analyst supports the organization's compliance and risk management programs by coordinating assessments, audits, and certifications across frameworks such as HITRUST, SOC, HIPAA, and NIST. This role helps maintain a strong IT compliance posture by managing evidence, monitoring control performance, maintaining documentation, and partnering closely with IT, Security, Privacy, Legal and external auditors. The Analyst also contributes to continuous improvement efforts, compliance automation initiatives, and reporting that supports leadership visibility and informed decision-making.

Key Responsibilities
Assessment & Audit Support

• Coordinate internal and external compliance assessments, audits and certifications.
• Prepare, organize, and manage evidence to meet control and audit requirements.
• Track remediation activities and ensure timely closure of identified gaps.
• Maintain audit-ready documentation and support readiness reviews.
• Additional duties as assigned

Compliance Program Management

• Support development and maintenance of compliance frameworks, policies, and procedures.
• Monitor regulatory and framework changes, updating controls and documentation as needed.
• Participate in risk assessments and control evaluations to identify opportunities for efficiency, automation and continuous improvement.
• Conduct and/or support periodic control testing and continuous monitoring to validate control effectiveness and compliance readiness.
• Contribute to compliance metrics, dashboards and trend reporting for leadership visibility.

Collaboration & Communication

• Partner with IT, Security, Privacy, Legal and Operations to ensure consistent compliance practices.
• Collaborate with Privacy and Data Governance teams to ensure alignment with HIPAA, CCPA, GDPR and other data protection regulations.
• Communicate compliance requirements, audit findings and remediation progress clearly to stakeholders at all levels.
• Support awareness and training initiatives promoting compliance and data protection.
• Promote a culture of accountability and continuous improvement.

Qualifications

• Bachelor's degree in Business Administration, Risk Management, Healthcare Administration, Legal/Paralegal Studies, Information Security or related field (or equivalent experience).
• 2–5 years of experience in compliance, audit, or information security.
• Working knowledge of regulatory frameworks (HITRUST CSF, SOC, HIPAA).
• Familiarity with healthcare regulatory authorities and governance areas (CMS, HHS, OCR, OIG).
• Experience coordinating audits and managing evidence requests across diverse teams.
• Strong organizational, analytical, and communication skills; detail-oriented and adaptable.

Preferred Skills

• Experience supporting HITRUST certification or readiness assessments.
• Collaboration with legal teams and practices including regulations, policies and contracts.
• Familiarity with GRC tools (e.g., Archer, ServiceNow GRC, ProcessUnity, OneTrust).
• Utilization of compliance automation tools (e.g., Conveyor, Drata, Vanta, Winify AI).
• Certifications such as HITRUST CCSFP, CISA, CISM, CRISC, CGEIT, or CISSP.

Pay Range
CorVel uses a market based approach to pay and our salary ranges may vary depending on your location. Pay rates are established taking into