Lead Compliance Analyst

Decisions is a fast-growing, private-equity-backed technology company that provides an integrated workflow and rules platform for business process automation (BPA). Trusted by top Fortune 500 firms and SMBs worldwide, Decisions empowers diverse industries around the globe to streamline and improve their processes, enhancing efficiency and yielding results, regardless of technical expertise. This no-code automation platform seamlessly integrates AI tools, rules engines, and workflow management, enabling the transformation of customer experiences, modernization of legacy systems, and the achievement of automation goals three times faster than traditional software development.

As the Lead Compliance/Security Analyst, your daily work ensures organizational operations exceed industry compliance standards to continually increase public brand trust. This role is directly responsible for collaborating with leadership, training employees on industry standards, developing policies, evaluating compliance, and communicating the security posture of Decisions with customers and Decisions leadership.

Under the tutelage of the Director of Technology, you will strive to elevate the productivity and efficiency of our team by fighting the status quo of “security theater” to extend our culture of safety and security as a lifestyle in all facets of our business.

This position will be on-site at our HQ in Virginia Beach, VA.

Key Objectives 

Objective #1:  Support Customer Growth 

• Meet with team members, 1x1 and as a group, for task coordination and mentoring 
• Maintain real-time, collaborative audit readiness 
• Oversee and contribute to successful external security and privacy audits (ex: SOC2, PCI DSS, ISO27001, etc) 
• Drive continual improvement in organizational policies and practices
• Research industry regulations and policies for Compliance Roadmap iteration 
• Oversee the timely completion of accurate customer and prospect requests (RFPs, questionnaires, etc) 

Objective #2: Eliminate Escalations 

• Own the org-wide Risk Register to proactively monitor, manage, and resolve business threats  
• Act as Incident Response Coordinator 
• Advise manager of project statuses as well as people / process / technology concerns
• Lead internal audits to assess operational and procedural compliance 
• Own quarterly phish testing of employees, including strategies to increase desired actions 
• Oversee the development and implementation of new compliance policies and procedures as required
• Maintain timely communication with auditors and follow up on action items 
• Identify and collaborate with security champions within each department
• Oversee and contribute to RCA report requests

Objective #3: Increase Business Profitability 

• Steward a company culture of data security awareness
• Enforce principle of lease privilege via org-wide collaboration  
• Oversee Cloud Cost reporting 
• Oversee and contribute to SLA report requests  
• Communicate with customers and team members to continually increase confidence
• Watch, learn, speak up, and do what is needed to advance our mission and who we are as an organization 
• Question the status quo and demonstrate initiative 

Specialized Experience 

• 3+ years experience leading internal and external audits (ex: SOC2, ISO 27000, PCI DSS, HITRUST, FEDRAMP, etc) 
• 3+ years effectively prioritizing and completing multiple tasks while also guiding others 
• 3+ years experience navigating Public Clouds (Azure or AWS certifications are a plus) 
• COMPTIA A+ and Security+ required 
• Industry certifications preferred: Network+, CAP, CCSK, CISA, CISM, CISSP, CCSP, CRISC, CCISO, Amazon Web Services (AWS), Microsoft Azure, etc 
• Linux experience is a plus 
• Bachelor’s degree in CS, Cyber Security, Information Technology, or related curriculum a plus 
• Demonstrated hands-on experience in performing key Information Security operational activities  
• Ability to listen attentively to others and communicate effectively both verbally and in writing  
• Proven ability to work effectively in teams that require high levels of cooperation, flexibility, cross-group collaboration, and real-time response 
• Strong problem-solving skills as well as excellent process discipline, milestone management, and time management skills 
• Ability to independently seek and find answers in order to complete work under narrow deadlines