Cyber Security Compliance Analyst II
Salt River Pima Maricopa Indian Community - Scottsdale, AZ
Job Description
Salary: $106,183.00 - $148,660.00 Annually
Location: Scottsdale, AZ
Job Type: Full-Time
Job Number: 100912-260304
Department: Information Technology
Opening Date: 03/04/2026
Closing Date: 3/18/2026 11:59 PM Arizona

Definition

Definition: Under the general supervision of the Cyber Security Manager, the Cybersecurity Compliance Analyst II is responsible for ensuring IT compliance with IT Risk Management, Cybersecurity, Governance, and Operational Program guidelines. This role involves participating in establishing and maintaining compliance guidelines and program procedures. As a member of the cybersecurity team, the analyst is responsible for completing regular assessments of audit and compliance adherence across the organization. This role ensures the IT organization meets the requirements and expectations of customers and agencies that the SRPMIC partners with to provide services to the Community. This job class is treated as FLSA Exempt.

Essential Functions: Essential functions may vary among positions and may include the following tasks and other characteristics. This list of tasks is ILLUSTRATIVE ONLY and is not intended to be a comprehensive listing of tasks performed by all positions in this classification.

Examples of Tasks

IT Compliance Program:
Assist in the development and management of the IT Compliance Program. Ensure organizational compliance with required laws and standards, including but not limited to HIPAA, FERPA, PCI, NIST, SOC, and operational standards such as DevOps security. Ensure the IT organization completes environmental risk assessments and evaluates operations to ensure they meet the organization's accepted risk tolerance level. Ensure consistency in meeting the established control processes. Report compliance program performance to IT Executive Management and Governance.
Establish, maintain, and enforce compliance operating policies for organizational information, applicable security procedures, and support practices to ensure the quality of compliance services provided. Identify potential areas where existing policies and procedures require change or where new ones need to be developed within the IT organization to meet compliance goals. Participate in breach event management and be responsible for ensuring that the assigned event coordinator completes the incident response procedures, including the breach mitigation process. Manage software consultants, vendors, and contract management for security and audit vendors. Work with resource managers to allocate resources and prioritize work schedules to accomplish project milestones and deadlines.

IT Risk Program:
Ensure the Community systems and users adhere to required cybersecurity standards and contractual agreements made with agencies and entities. Provide reports to the IT Director/CIO and other members of the senior leadership team. Review compliance with the information cybersecurity policies, controls, and associated procedures. Ensure new risks are identified and mitigated in a timely manner.

Compliance Governance:
Responsible for monitoring the framework of standards, processes and activities for the compliance program and adjusting it to incorporate new controls to address emerging risks, redesigning weak control processes and developing training programs to improve security awareness among employees. Complete cyber risk assessments and studies with analysis and recommendations. Provide cybersecurity consultation services. Provide cybersecurity training.

Leadership:
Provide compliance leadership to the cybersecurity and operations team staff to ensure organizational compliance with multiple audit agencies and cybersecurity control frameworks implemented by the SRPMIC. Promote shared responsibility across the IT organization through education and program development.
Build and maintain partnerships that help drive the IT compliance strategy forward. Responsible for effective communication with IT teams, customers, and entities involved in audits and the effective operation of the compliance program.

Vendor Security Compliance:
Maintain relationships with vendors to ensure compliance with security standards and deliverables. Conduct vendor security assessments to ensure compliance with SRPMIC policies and standards, evaluating a vendor's security practices, controls, and overall compliance with SRPMIC's established security guidelines. Identify and collaborate with IT teams to propose mitigation options when needed. Maintain a strong relationship with vendors, ensuring they stay up to date with any changes to SRPMIC's security policies and standards, including maintaining a vulnerability management program and incident response plan that meets organizational guidelines. Ensure appropriate data management and handling of SRPMIC data.

Miscellaneous:
Perform other IT job-related tasks as assigned by the Cyber Security Manager, IT Assistant Director - Enterprise Architecture, or IT Director/CIO.

Knowledge, Skills, Abilities and Other Characteristics:
Knowledge of the history, culture, laws, customs and traditions of the SRPMIC. Knowledge of IT security system configuration, administration and maintenance. Knowledge of up-to-date cybersecurity system architecture, technical cybersecurity standards and industry best practices. Knowledge in enterprise security architecture design and enterprise security document creation. Knowledge of NIST, ISO and other relevant control sets and frameworks. Knowledge of SAS Controls and Audit procedures. Knowledge of the development and maintenance of an organizational Cybersecurity Plan. Knowledge of cybersecurity best practice standards. Knowledge of HIPAA, HIPAA HITECH, PCI and FERPA compliance. Knowledge of incident response processes and procedures.
Skill learning and adapting to the Community needs, style and organizational expectations for conduct and responsiveness. Skill in leveraging a passion for technology and security safeguarding. Skill identifying and working with third-party vendors. Skill developing Requests for Proposals (RFP). Skill assessing the impact of new service requests for products and systems. Skill providing problem investigation, troubleshooting and problem resolution. Skill establishing and maintaining effective working relationships with peers, business partners, customers, vendors and supervisors. Skill with excellent verbal and written communication.

Ability to adapt to a fast-moving IT landscape and keep pace with latest thinking and new security technologies. Ability to communicate with all levels of the organization from executives to technical staff. Ability to perform cybersecurity reviews and coordinate the proper, effective and timely corrective action. Ability to provide enterprise cybersecurity strategy, cybersecurity risk and data privacy information and education in a concise and comprehensible manner. Ability to interpret the applicability of local and federal laws/regulations as it applies to secure company operations; experience with FedRAMP and NIST 800 requirements. Ability to assess Business Continuity Plans and Disaster Recovery Plans. Ability to assess the administration of the Community's data cybersecurity awareness program. Ability to provide vision, forward-looking insight and leadership regarding strategic infrastructure and data security issues. Ability to utilize problem solving techniques, improvisation and creativity to accomplish goals. Ability to analyze data, draw logical conclusions and make sound decisions and recommendations. Ability to work in a team environment.
Minimum Qualifications

Education: A Bachelor's degree from an accredited college or university in Information Audit and Compliance Management, Information Systems, Management Information Systems, Computer Science or a related discipline.

Experience: Three (3) years' full-time demonstrated direct work experience in the following is required:
Infrastructure Security Management and IT Cybersecurity Industry Best Practices.
Managing a technology risk management program.
Completing technology audit and compliance assessments.
Experience in the cybersecurity aspects of multiple platforms, operating systems, software applications and databases.
Excellent interpersonal, communication, organizational, and project management skills and strong judgment and analytical ability.
Established and managed governance and compliance boards.
Completing technology risk assessments.
Completing a risk mitigation plan and managing projects to complete the established plans.
Supporting the implementation of corporate or government Technology Compliance program.
Supporting the implementation of an organization's compliance policies and associated training/infrastructure to support privacy policies.

One or more of the following certifications is preferred:
Advanced Certificate in Internal and Information Technology Audit
(ISC)2 Certifications
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)

Equivalency: Any equivalent combination of education and/or experience that would allow the candidate to satisfactorily perform the duties of this position will be considered.

Underfill Eligibility: An enrolled Community Member who closely qualifies for the minimum qualifications for a position may be considered for employment under SRPMIC Policy 2-19, Underfill.

Salt River Pima-Maricopa Indian Community Employee Benefits Overview

Salt River Pima-Maricopa Indian Community (SRPMIC) is committed to supporting the health, well-being, and financial security of our employees.
We offer a comprehensive benefits package to employees, designed to enhance your quality of life both at work and at home. Below is a summary of the benefits available to SRPMIC employees. Plan details and eligibility requirements are provided upon hire and are subject to change.

Health Care Benefits

SRPMIC provides medical, dental, vision, and life insurance coverage for all regular full-time employees enrolled in standard plans. These benefits represent a significant part of your total compensation.

Medical: Choose from three plan options to fit your needs: the Low Deductible Plan, the Mid-Deductible Plan, and the High Deductible Health Plan (HDHP) with a Health Savings Account (HSA). As a self-funded plan, SRPMIC directly covers the cost of medical, pharmacy, dental, and vision services for all participants.

Dental: Enjoy nationwide access to the Humana Dental PPO/Traditional Preferred network, offering flexibility and choice in selecting dental care providers.

Vision: Coverage is provided through Davis Vision, including eye exams, lenses, frames, and contact lenses. Members also benefit from discounted rates on additional eyewear and services.

Life Insurance: All eligible employees are automatically enrolled in a fully paid basic term life insurance policy with a matching accidental death benefit.

Retirement Plans

SRPMIC supports your long-term financial goals through multiple retirement plan options:

401(k) and Roth Plans: Eligible employees can participate in both pre-tax and post-tax retirement savings plans. SRPMIC contributes 5% of your compensation to the pre-tax 401(k) and matches up to 3% of your salary deferral contributions.

Public Safety Personnel Retirement System (PSPRS): Available to eligible certified police officers and firefighters.

Arizona State Retirement System (ASRS): Available to Salt River School educators.
Health Reimbursement Arrangement (HRA): A retiree HRA with HealthEquity, which is a tax-advantaged employer-funded account that retired employees (Age 55+) can use for qualified medical expenses, including some premiums, and out-of-pocket expenses such as copays and deductibles.

Paid Leave & Holidays

Annual & Sick Leave: Employees accrue separate balances for sick and annual leave each pay period. Sick leave may be used for personal or family illness and medical appointments, while annual leave covers vacation or personal time.

Holidays: SRPMIC observes 15 paid holidays each year, including two discretionary holidays and one day of birthday leave.

Other SRPMIC Paid Benefits

Short-Term Disability

Long-Term Disability

Employee Assistance Program (EAP): SRPMIC offers a confidential Employee Assistance Program through SupportLinc, available at no cost to employees, their dependents, and household members.

Additional Voluntary Benefits

WellPath Wellness Program: A voluntary wellness initiative that encourages healthy living and rewards participation with incentives. Available to all employees and their dependents.

Flexible Spending Accounts (FSA): Administered by HealthEquity, FSAs allow you to pay for eligible health and dependent care expenses with pre-tax dollars.

Health Savings Account (HSA): Available to employees enrolled in the HDHP.

Supplemental Life & AD&D Insurance: Employees may purchase additional life and accidental death coverage for themselves and their dependents.

Public Service Loan Forgiveness (PSLF): SRPMIC is a qualified employer under the PSLF program. Employees may be eligible for federal student loan forgiveness.

At SRPMIC, we value our employees and are proud to offer benefits that support your health, well-being, and future.
Created: 2026-03-06