IT Compliance Officer

Blue coloured background

IT Compliance Officer

03/10/2023 ● Scottsdale, Arizona ● Direct Hire

Job Title: IT Compliance Officer
Duration: Perm
Location: Hybrid in Phoenix/Scottsdale, Arizona

Definition:  Under general supervision of the IT Director/CIO, will be responsible to ensure the IT compliance to the IT Risk Management, Cybersecurity, Governance, and Operational Program guidelines. Participates in establishing and maintaining compliance guidelines and program procedures.  Responsible to complete regular assessments of audit and compliance adherence across the organization.  Serves as a leader to the IT organization to ensure we meet the requirements and expectations of customers and agencies the COMPANY partners with to provide services to the Community.  This job class is treated as FLSA Exempt.

Essential Functions:  Essential functions may vary among positions and may include the following tasks and other characteristics.  This list of tasks is ILLUSTRATIVE ONLY and is not intended to be comprehensive listing of tasks performed by all positions in this classification.


  1. IT Compliance Program:  Develops and manages the IT Compliance Program.
  • Ensure organizational compliance to required laws and standards including but not limited to HIPAA, PCI, NIST, SOC, and operational standards such as DevOps security.
  • Responsible to ensure the IT organization completes environment risk assessments and assesses operations meets the organization’s accepted risk tolerance level.
  • Responsible to ensure consistency of meeting the established control processes.
  • Responsible to report compliance program performance to IT Executive Management and the IT Governance Committee.
  • Responsible for monitoring employee risk management training including security awareness training.
  • Establishes, maintains and enforces compliance operating policies organizational information, applicable security procedures and support practices to ensure the quality of compliance services provided.
  • Recognizes and identifies potential area where existing policies and procedures require change, or where new ones need to be developed within the IT organization to meet compliance goals.
  • Participates in breach event management and responsible to ensure assigned event coordinator completes the incident response procedures including the breach mitigation process.
  • Manages software consultants, vendors, and contract management for security and audit vendors.
  • Serves as project manager for projects as necessary and responsible for adhering to the established project management methodology.
  • Works with resource managers to allocate resources and prioritizes work schedules to accomplish project milestones and deadlines.
  • Monitors and reports project status to the IT Director/CIO and IT Management Team as required and shares challenges, accomplishments, staffing requirements and other pertinent information.


  1. IT Risk Program:  Manages the IT risk assessment program.
  • Provides reports to the CIO and other members of the senior leadership team.
  • Review compliance with the information cybersecurity policies, controls, and associated procedures.
  • Ensures new risks are identified and mitigated in a timely manner;
  • Continuously monitors systems and addresses any incidents identified by cybersecurity and IT operations teams.
  • Ensure the Community systems and users are in adherence with required cybersecurity standards and contractual agreements made with agencies and entities.


  1. Compliance Governance:  Provides leadership to the organization’s IT Compliance and Oversight Committee.  Responsible for monitoring framework of standards, processes and activities for the compliance program and adjusts to incorporate new controls to address emerging risks, redesigning weak control processes and developing training programs to improve security awareness among employees.
  • Able to provide cybersecurity presentations
  • Complete cyber risk assessments and studies with analysis and recommendations
  • Provide cybersecurity consultation services
  • Provides cybersecurity training
  • Effectively communicate strategy and operational plans to executives and staff


  1. Leadership:  Provides compliance leadership to the cybersecurity and operations team staff to ensure organizational compliance for multiple audit agencies and cybersecurity control frameworks implemented by the COMPANY.
  • Responsible to lead the IT organization in the continuous improvement of the IT Compliance Program.
  • Serves as the primary coordination contact for audits, facilitates written responses to audit findings and develop mitigation plans with key stakeholders.
  • Provides leadership and promotes shared responsibility across the IT organization with education and program development
  • Provides senior leadership to the Cybersecurity Team staff and works closely with operational IT divisions to establish and enforce IT audit and security standards.  Evaluates and recommends best in class standards and processes.
  • Develop and communicate cybersecurity strategies and plans to the management team, staff, partners, customers, and stakeholders.
  • Forms partnerships that help drive the IT compliance strategy forward.
  • Responsible effective communication with IT teams, customers and entities involved in audit and the effective operation of the compliance program.


  1. Miscellaneous:  Other IT job related tasks as required by the IT Director/CIO.

Knowledge, Skills, Abilities and Other Characteristics:

  • Knowledge of the history, culture, laws, customs and traditions of the COMPANY.
  • Knowledge of IT security system configuration, administration and maintenance.
  • Knowledge of up-to-date cybersecurity system architecture, technical cybersecurity standards and industry best practices.
  • Knowledge of testing and implementing security patches and version upgrades processes.
  • Extensive knowledge in enterprise security architecture design and enterprise security document creation.
  • Knowledge of, and practical application experience with, network penetration testing.
  • Knowledge of CIS Critical Controls.
  • Knowledge of NIST controls
  • Knowledge of SAS Controls and Audit procedures.
  • Knowledge of the development and maintenance of an organizational Cybersecurity Plan.
  • Knowledge of cybersecurity best practice standards.
  • Knowledge of HIPPA and HIPPA HiTech compliance.
  • Knowledge of PCI compliance.
  • Knowledge of incident response processes and procedures.
  • Knowledge and understanding of project management principles.


  • The skill to learn and adapt to the Community needs, style and organizational expectations for conduct and responsiveness
  • Solid people management skills – providing direction, monitoring performance, motivating staff and building a positive working environment
  • Ability to adapt to a fast-moving IT landscape and keep pace with latest thinking and new security technologies
  • Digital leadership skills – capable of empowering and leading an IT team to meet business and IT security goals
  • A passion for technology and security safeguarding with a desire to deliver
  • Skill identifying and working with third-party vendors.
  • Skill developing Requests for Proposals (RFP).
  • Skill in monitoring an employee cybersecurity awareness training.
  • Skill Monitoring and managing vendor performance.
  • Skill assessing the impact of new service requests for products and systems.
  • Skill providing problem investigation, troubleshooting and problem resolution.
  • Skill establishing and maintaining effective working relationships with peers, business partners, customers, vendors and supervisors.
  • Skill with excellent verbal and written communication.


  • Ability to communicate to all levels of the organization from executives to technical staff.
  • Ability to develop and enhance IT policies, procedures and best practices.
  • Ability to project manage complex project and initiatives.
  • Ability to adapt to a fast-moving IT landscape and keep pace with latest thinking and new security technologies
  • Ability to perform cybersecurity reviews and coordinate the proper, effective and timely corrective action.
  • Ability to provide enterprise cybersecurity strategy, cybersecurity risk and data privacy information and education in a concise and comprehensible manner.
  • Ability interpreting the applicability of local and federal laws/regulations as applies to secure company operations. In particular, experience with FedRamp and NIST 800 requirements.
  • Ability to assess Business Continuity Plans and Disaster Recovery Plans.
  • Ability to assess the administration of the Community’s data cybersecurity awareness program.
  • Ability to provide vision, forward-looking insight and leadership regarding strategic infrastructure and data security issues.
  • Ability to utilize problem solving techniques, improvisation and creativity to accomplish goals.
  • Ability to analyze data, draw logical conclusions and make sound decisions and recommendations.
  • Ability to understand human resource management principles, practices, and procedures.
  • Ability to work in a team environment.


  • Education and Experience:  A Bachelor’s degree from accredited college or university in Information Audit and Compliance Management, Information Systems, Management Information Systems, Computer Science or a related discipline.
  • Other combinations of experience and education that meet the minimum requirements may be substituted for a Bachelor’s degree.
  • Five (5) years of direct work experience in Infrastructure Security Management and IT Cybersecurity Industry Best Practices required.
  • Five (5) years of demonstrated expertise performing the following 4 tasks required:

1. Managing a technology risk management program.
2. Completing technology audit and compliance assessments.
3. Experience in the cybersecurity aspects of multiple platforms, operating systems, software applications and databases.
4. Excellent interpersonal, communication, organizational, and project management skills and strong judgment and analytical ability.
5. Established and managed governance and compliance boards.

  • Five (3) years full time experience demonstrating expertise performing the following tasks required:
  1. Completing technology risk assessments.
  2. Completing a risk mitigation plan and managing project to complete the established plans.

2. Establishing the objectives and overseeing the implementation of corporate or government Technology Compliance program.
3. Establish the objectives and overseeing the implementation an organization’s compliance policies and associated training/infrastructure to support privacy policies.

  • One or more of the following certifications is preferred:

Equivalency: Any equivalent combination of education and/or experience that would allow the candidate to satisfactorily perform the duties of this position, will be considered.

Discover Your Next Career

Related Jobs


Sr. Project Manager

Strategic Systems - Scottsdale, Arizona

266: ACRO -- AZDEQ – Software Quality Assurance

Strategic Systems - Phoenix, Arizona

Desktop support

Strategic Systems - Cleveland,

Customer service systems support

Strategic Systems - Salt Lake City, Utah