Security and Compliance Analyst

Job Summary

Education at Work is committed to providing a secure and compliant IT environment that enables student employees and staff to focus on their mission. We are seeking a Cybersecurity & Compliance Analyst to strengthen our security posture, drive compliance initiatives, and safeguard critical systems supporting our student workforce. This role is instrumental in ensuring E@W meets and exceeds regulatory compliance standards such as PCI-DSS, SOC 2, and HIPAA, while also implementing robust security measures to protect our IT infrastructure from evolving cyber threats. If you are passionate about security, compliance, and making a tangible impact on an organization that supports students, this is the role for you.

• Lead and manage PCI-DSS, SOC 2, and HIPAA compliance efforts across IT infrastructure and operations.
• Work closely with internal teams and auditors to complete security and compliance assessments.
• Maintain and update policies, standards, and controls aligned with NIST 800-53, CIS benchmarks, and other industry frameworks.
• Develop a continuous compliance monitoring strategy, ensuring that controls are regularly tested and enforced.
• Create and maintain a risk register, identifying, assessing, and mitigating IT security risks.
• Ensure incident response plans align with compliance requirements and legal obligations.

• Utilize Microsoft Sentinel, Defender for Endpoint, and other SIEM tools to monitor for security threats.
• Investigate potential security incidents, perform root cause analysis, and recommend remediation strategies.
• Establish log management and retention policies to align with compliance mandates.
• Develop security dashboards and automated reports to track key security and compliance metrics.

• Enforce role-based access control (RBAC) and least privilege policies across Azure AD, Okta, and M365.
• Implement and enforce Multi-Factor Authentication (MFA) and Conditional Access policies.
• Ensure data encryption standards (in transit & at rest) meet compliance regulations.
• Conduct regular access reviews and remediate any unauthorized access.

• Lead internal IT audits to validate compliance with SOC 2, PCI-DSS, and HIPAA requirements.
• Prepare and coordinate third-party compliance audits, working directly with auditors and regulatory bodies.
• Ensure all IT policies and procedures remain current and align with compliance and regulatory requirements.

• Develop and implement security awareness training for employees and student workers.
• Conduct simulated phishing exercises to improve user awareness of cyber threats.
• Provide guidance on handling sensitive data to maintain compliance with data privacy laws.

• Bachelor’s degree in Cybersecurity, Information Security, IT, or equivalent experience.
• 3+ years of experience in cybersecurity, IT compliance, or risk management.
• Strong understanding of PCI-DSS, ISO 27001, SOC 2, HIPAA, and other regulatory frameworks.
• Experience with Azure AD, Microsoft Defender, Sentinel, and compliance automation tools.
• Knowledge of firewalls, network segmentation (VLANs, NSGs), and Zero Trust security models.
• Hands-on experience with audits, risk assessments, and third-party security evaluations.
• Excellent problem-solving and communication skills, with the ability to explain complex compliance topics to non-technical teams.

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CISA (Certified Information Systems Auditor)
• CompTIA Security+
• Microsoft SC-200 (Security Operations Analyst)

Education At Work (E@W) enables students from traditionally underserved communities to secure a high-quality post-graduation job through evidence informed work-based learning programs. E@W aims to equip students with the high-value skills and experiences sought in the professional world by offering meaningful work opportunities. 

If you love the pursuit of excellence and are inspired by empowering a student-centered culture to fulfill the E@W mission, we invite you to learn more. We offer unique opportunities to work on rewarding projects in an environment that appreciates diversity, focuses on talent development, and recognizes and rewards exceptional work.

AFFIRMATIVE ACTION PLAN / EQUAL EMPLOYER OPPORTUNITY (AAP/EEO) STATEMENT: 

Education at Work (E@W) provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, E@W complies with applicable state and local laws governing nondiscrimination in employment in every location where the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. EAW expressly prohibits workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of E@W’s employees to perform their job duties may result in discipline up to and including termination of employment.  

THE AMERICANS WITH DISABILITIES ACT OF 1990 (ADA) PROHIBITS DISCRIMINATION IN COMPENSATION AND EMPLOYMENT OPPORTUNITIES AGAINST QUALIFIED INDIVIDUALS WITH DISABILITIES.  TO DETERMINE WHETHER AN INDIVIDUAL IS QUALIFIED, THE ESSENTIAL FUNCTIONS OF EACH JOB MUST BE IDENTIFIED.  ESSENTIAL FUNCTIONS ARE THOSE THAT ARE INTRINSIC TO THE POSITION, AND THAT THE INDIVIDUAL(S) WHO HOLDS THE JOBS MUST BE ABLE TO PERFORM WITH OR WITHOUT REASONABLE ACCOMMODATION.