Staff IT Compliance Analyst
conga
Job Summary
The Staff IT Compliance Analyst is responsible for rolling out and updating policies, establishing evidence collection processes, and managing compliance evidence with auditors. This role involves conducting internal assessments, testing IT controls, identifying gaps, and driving remediation. The analyst will also improve governance processes and documentation, playing a key role in achieving regulatory and contractual compliance by collaborating with cross-functional teams.
Must Have
- Work with stakeholders to roll out and update policies.
- Establish processes for evidence collection.
- Work with internal and external auditors to manage compliance evidence.
- Conduct internal assessments and test IT controls.
- Evaluate assessment results, identify gaps, and drive remediation.
- Identify and manage opportunities to improve governance processes.
- Participate in ongoing compliance initiatives (documenting controls, testing).
- Ensure alignment to frameworks like ISO 27001, PCI, SOC, HIPAA, GDPR.
- Provide support for external and internal information security audits.
- Conduct risk assessments to evaluate compliance with security standards.
- Collaborate with cross-functional teams for remediation.
- Serve as a compliance subject matter expert.
- Manage and maintain compliance documentation.
- Assist in annual planning and maintenance of risk control matrix.
- Collaborate to update and refine compliance strategy.
- Support training and awareness programs.
Good to Have
- Bachelor’s Degree in Computer Science, Cybersecurity, Engineering, or equivalent experience.
- Minimum of 5-7 years of experience in an audit or compliance capacity.
- Relevant certifications (CISA, CISM, CRISC, CISSP, or CCSK).
- In-depth knowledge of ISO 27001, ISO 27701, SOC, PCI, HIPAA.
- Knowledge of privacy frameworks (GDPR, CCPA, CPRA).
- Familiarity with cloud security principles (AWS, Azure, GCP).
- Familiarity with DevSecOps practices and secure SDLC.
- Experience in using GRC tools such as ZenGRC.
- Industry experience in the SaaS environment.
- Detail-oriented and proactive with strong project management skills.
- Excellent communication and interpersonal skills.
Job Description
A career that’s the whole package!
At Conga, we’ve built a community where our colleagues can thrive. Here you’ll find opportunities to innovate and support growth through individual and team development, all within an environment where every voice is heard.
Conga accelerates the customer’s journey to becoming a more connected and intelligent business. The Conga Advantage Platform is recognized worldwide for enhancing this journey, bringing together Configure, Price, Quote, Contract Lifecycle Management, and Document Automation capabilities on a single open platform. It integrates seamlessly with any ERP, CRM, and Cloud. Powered by a unified data model and purpose-built AI, Conga helps companies achieve a unique advantage—one built on seamless connection, actionable intelligence, and scalable growth.
Our approach is grounded in the Conga Way, a framework that reflects our values and drives everything from hiring to decision-making, as well as key programs including recognition. Created with direct input from our colleagues, the Conga Way forms the foundation of our vibrant culture.
A quick snapshot…
You will be responsible for working with stakeholders across the company to roll out and update policies, establishing processes for evidence collection, and working with internal and external auditors to collect, evaluate and manage compliance evidence.
In addition to project management responsibilities, you will be responsible for conducting internal assessments and testing IT controls to ensure compliance readiness. You will evaluate the assessment results, identify gaps, and drive remediation. We will also rely on you to identify and manage opportunities and initiatives to improve the efficiency, effectiveness, and quality of governance processes and departmental documentation.
Why it’s a big deal…
The Staff IT Compliance Analyst plays a key role in Conga’s ability to achieve compliance with regulatory and contractual obligations. The Staff IT Compliance Analyst collaborates with other cross-functional teams to create, maintain, enhance, and enforce Conga’s IT compliance objectives.
Are you the person we’re looking for?
- You should have 8+ years of experience and will participate in and support ongoing compliance initiatives, which include documenting controls and processes and conducting control testing to ensure the continued effectiveness of Conga’s internal control environment and its alignment to frameworks such as ISO 27001, PCI, SOC, HIPAA, GDPR, etc.
- Provide support for external and internal information security audits by ensuring on-time delivery of audit and compliance artifacts and evidence to key groups and individuals
- Conduct risk assessments to evaluate compliance with leading information security standards, and identify risks within Conga’s cloud infrastructure, data governance processes, development processes, and IT infrastructure
- Collaborate and develop working relationships with cross-functional teams to drive remediation efforts on identified risks and deficiencies
- Serve as a compliance subject matter expert and partner with various functional areas to define new and update existing processes and documentation based on company requirements and industry leading practices
- Manage and maintain compliance documentation including policies, procedures, supplemental materials, and annual documentation reviews
- Assist in annual planning and maintenance of risk control matrix for in-scope applications and controls
- Collaborate with S&C leadership to update and refine compliance strategy based on emerging regulations, technologies, and threats impacting IT compliance, cybersecurity, and data privacy.
- Support training and awareness programs to promote a culture of compliance and security across technical and non-technical teams
Here’s what will give you an edge…
- Bachelor’s Degree in Computer Science, Cybersecurity, Engineering, or other relevant subject areas, or equivalent experience
- Minimum of 5-7 years of experience in an audit or compliance capacity
- Relevant certifications (e.g., CISA, CISM, CRISC, CISSP, or CCSK) preferred
- In-depth knowledge of one or more security/compliance frameworks such as ISO 27001, ISO 27701, SOC, PCI, HIPAA, etc.
- Knowledge of privacy frameworks such as GDPR, CCPA, CPRA, etc.
- Familiarity with cloud security principles (AWS, Azure, GCP), DevSecOps practices, and secure software development lifecycle (SDLC).
- Experience in using GRC tools such as ZenGRC
- Industry experience in the SaaS environment is a plus
- Detail-oriented and proactive with strong project management skills
- Excellent communication and interpersonal skills; ability to influence and collaborate across functional areas
Did we pique your interest?
If this sounds like the kind of job you would love in the kind of environment where you would thrive, please click apply. We'd love to hear from you!
Preferred Resume Format
We accept resumes in any format, but we suggest using PDF or plain text. These formats help ensure that your resume’s formatting remains intact, making it easier for our recruiters to review your application promptly.
Don’t meet every requirement for the role?
Studies have shown that women and members of ethnic minorities are less likely to apply to jobs unless they meet every single qualification. At Conga we are dedicated to building a diverse, inclusive, and authentic workplace, so if you’re excited about this role but your experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You just might be the right candidate for this or other roles.