Baltimore, MD (Not Remote - In-Office at least 2 days per week)
Hours of work:
Typical hours of work are from 8:30 AM until 5:00 PM local time, Monday through Friday. Flexibility of working hours is dependent on location. Additional hours may be necessary as needed. This position is exempt from overtime.
Compensation:
$65,000 - $75,000 annually. Range is commensurate with experience.
Who we are:
===============
InVita develops specialized medical software for regulated industries that support the advancement of Human Biologics as well as Public Health and Safety. We are the acknowledged leader in the markets we serve. Our subject matter expertise is unmatched in the industry and our products are used by public health and medical professionals across the globe. As we expand, we are strengthening our security posture to continue to meet regulatory requirements, manage risk, and protect sensitive healthcare data.
Overview:
=============
We are seeking an IT Compliance Analyst to support the completion of customer security and infrastructure-related Requests for Information (RFIs), vendor security questionnaires, and other compliance-related documentation. This role ensures that responses accurately reflect the organization's security posture, infrastructure controls, and compliance frameworks while improving the efficiency of the RFI process.
Essential Functions:
========================
#### RFI & Security Questionnaire Management
Respond to customer security RFIs, vendor security assessments, and infrastructure-related due diligence requests.
Maintain an organized repository of standard security responses to streamline the RFI process.
Coordinate with internal teams (Security, DevOps, IT, Engineering, and Legal) to ensure accuracy and completeness of responses.
Develop and maintain a knowledge base of frequently asked security and compliance questions.
#### Compliance & Security Documentation
Ensure responses align with industry security frameworks, including SOC 2, HIPAA, ISO 27001, and NIST.
Assist in the preparation of security white papers, customer-facing compliance documents, and security FAQs.
Track regulatory and industry changes that impact compliance responses.
#### Security & Risk Assessment Support
Support internal audits and assessments to ensure the organization meets compliance requirements.
Assist with gap analysis and remediation tracking for security and compliance initiatives.
Participate in vendor risk assessments and third-party security reviews.
#### Process Improvement & Automation
Work with security and IT teams to improve efficiency in responding to RFIs through automation and documentation improvements.
Identify opportunities to standardize security controls across the organization.
Assist in implementing security compliance tools and governance frameworks.
Qualifications:
===================
#### Required:
2+ years of experience in security compliance, risk management, IT audit, or a related field.
Familiarity with security and compliance frameworks such as SOC 2, HIPAA, NIST, ISO 27001, and FedRAMP.
Strong writing and documentation skills, with the ability to communicate complex security concepts clearly.
Experience with cloud computing security (AWS, Azure, GCP) and SaaS environments.
Strong organizational skills with attention to detail and the ability to manage multiple RFIs simultaneously.
#### Preferred:
Experience working in a SaaS, healthcare, or highly regulated industry.
Knowledge of security risk assessment methodologies and vendor risk management.
Experience with security questionnaire automation tools (e.g., Responsive, Whistic, Drata, OneTrust, or similar).
Security certifications such as CISSP, CISA, CISM, or Security+ are a plus.
Physical Demands and Work Environment:
==========================================
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodation may be made to enable individuals with disabilities to perform the functions.
While performing the duties of this position, prolonged periods of sitting at a desk and working on a computer may be required.
Additionally, the employee is regularly required to talk or listen.
The employee frequently is required to use hands or fingers, handle, or feel objects, tools, or controls.
The employee is occasionally required to stand, walk, sit; reach with hands and arms; climb or balance; and stoop, kneel, crouch, or crawl.
The employee must occasionally lift and/or move up to 15 pounds.
Specific vision abilities required by this position include close vision, distance vision, color vision, peripheral vision, and the ability to adjust focus.
The noise level in the work environment is usually moderate.
This job description in no way states or implies that these are the only duties to be performed by the employee(s) incumbent in this position. Employee(s) will be required to follow any other job-related instructions and perform any other job-related duties requested by any person authorized to give instructions or assignments.
This document does not create an employment contract, implied or otherwise, other than an "at-will" relationship.
InVita provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.