Security Policy & Compliance Analyst

Job Description

Job Description

Position Title : Policy & Compliance Analyst

Base Salary : $80,768 to $103,084 annually DOE

Benefits : Medical, dental, vision, 401k, flexible spending account, paid sick leave and paid time off, parental leave, quarterly performance bonus, training, career growth and education reimbursement programs.

At Ziply Fiber, our mission is to elevate the connected lives of our communities every day. We are delivering the fastest home internet in the Northwest, with a focus on areas traditionally underserved by mainstream internet companies. And as our state-of-the-art fiber network expands in WA, OR, ID and MT, so does our need for team members who can help us grow and realize our goals.

We may be building internet, but we are reaching real people. We strive to build relationships and provide customers and communities with refreshingly great experiences.

We emphasize our values in all our interactions :

Genuinely Caring : O ur customers and colleagues are people, and quite possibly our neighbors. We put ourselves in their shoes and give them our full attention.

Empowering You : We empower our customers to choose the products that best meet their needs, and we support our employees to implement solutions that elevate the experiences of our customers and coworkers.

Innovation and Improvement : We always look for ways to make the experiences of our customers – and each other – better.

Earning Your Trust : We earn trust by communicating simply and transparently as real people, not as a corporation.

Job Summary

The Security Policy & Compliance Analyst plays a key role in maintaining Ziply’s information security posture. The analyst is responsible for managing the review, publication, and enforcement of internal security policies and procedures. The analyst supports cross-functional teams in aligning with regulatory security frameworks such as NIST, SOC 2, SOX, PCI-DSS, and helps maintain documentation that demonstrates compliance and due diligence.

Essential Duties and Responsibilities :

The Essential Duties and Responsibilities listed below are a range of duties performed by the employee and not intended to reflect all duties performed.

Policy Management

• Administer the policy lifecycle, including drafting, coordinating reviews, publishing, and updating security policies.
• Collaborate with Legal, IT, and Security to ensure policies align with business and regulatory requirements.
• Maintain centralized documentation for audits, assessments, and regulatory reviews.
• Assist in preparing and organizing policy and evidence documentation for internal and third-party audits.
• Monitor regulatory developments and assist in aligning internal practices accordingly.

Compliance Monitoring & Enforcement

Risk & Regulatory Alignment

Training & Reporting

Other Duties

Required Qualifications :

o National Institute of Standards and Technology Cybersecurity Framework (NIST CSF).

o NIST Special Publication 800-171.

o International Organization for Standardization ISO 27001.

o Service Organization Control 2 (SOC 2).

o Sarbanes-Oxley Act (SOX).

o Payment Card Industry Data Security Standard (PCI-DSS).

o NIST guidelines.

Preferred Qualifications :

o Certified Information Systems Auditor (CISA).

o Certified in Risk and Information Systems Control (CRISC).

o Certified Information Systems Security Professional (CISSP).

o Or equivalent certifications.

Knowledge, Skills, and Abilities :

Work Authorization

Applicants must be currently authorized to work in the US for any employer. Sponsorship is not available for this position.