Compliance Analyst

Compliance Analyst

Hybrid; ability to come to Danvers, MA location 2-3 times a month.

CCC is currently looking for a Compliance Analyst. You are a highly skilled and motivated person with expertise in ISO 27001, SOC 2 Type 2, and PCI compliance standards. In this role, you will be responsible for ensuring that our organization maintains compliance with these critical frameworks, which are fundamental to our information security and data privacy practices. You will play a key role in conducting assessments, implementing controls, and driving continuous improvement initiatives to enhance our compliance posture. Ideally, you will possess in-depth knowledge of these standards, strong analytical abilities, and excellent communication skills to effectively collaborate with cross-functional teams.

Compensation range: 100-109K

The actual salary offer to the successful candidate will be based on job-related education, training, licensure, certifications, related experience and other related factors.

Other compensation: Performance bonus eligible

What you will be doing:

• Lead Compliance Programs: Oversee the implementation, maintenance, and enhancement of compliance programs for ISO 27001, SOC 2 Type 2, and PCI DSS.
• Conduct Assessments & Audits: Perform regular assessments, audits, and gap analyses to ensure adherence to compliance standards.
• Manage Compliance Processes: Monitor, track, and manage compliance-related activities, including Quarterly Access Reviews, control testing, and documentation updates.
• Stakeholder Collaboration: Work with internal teams to develop and implement control measures and processes that meet compliance requirements.
• Support External Audits: Assist in external audits by providing necessary documentation and support, ensuring smooth communication with auditors.
• Stay Informed & Train Staff: Keep up with regulatory changes, provide guidance, and train employees on compliance-related matters.

What you skills/experience you need to have:

• Educational Background: Bachelor's degree in IT, computer science, or related field. Advanced degrees or certifications (e.g., CISSP, CISA, ISO 27001 Lead Auditor) are preferred.
• Experience & Expertise: Minimum of 4 years in information security, compliance, or risk management, with a focus on ISO 27001, SOC 2 Type 2, and PCI DSS.
• Compliance & Risk Management: Proficient in implementing and maintaining compliance programs, conducting risk assessments, control evaluations, and gap analyses.
• Analytical & Technical Skills: Strong analytical abilities to assess complex systems, identify risks, and develop control measures. Familiarity with tools, methodologies, and frameworks like NIST and GDPR is a plus.
• Communication & Collaboration: Excellent communication skills for conveying technical concepts to non-technical stakeholders and working effectively across teams.
• Professionalism & Integrity: High ethical standards, with the ability to manage multiple projects, work independently, and maintain confidentiality in a fast-paced environment.

A bit about CCC:

CCC is more than a company, it’s a community. Our smart, talented, and compassionate team members make CCC a special place to work. We invest significantly in their development and well-being to give them the resources they need to grow.

CCC actively advocates for copyright around the world, engaging governments, stakeholders, and individuals with educational programming and thought leadership.

We are an agile and dynamic organization made stronger by our increasingly diverse community. Our team is encouraged and supported to contribute thoughts and ideas and is committed to a diverse, inclusive, equitable, vibrant ecosystem that cultivates opportunity and attracts talented people. We recognize high performance and innovative thinking in how we can continue to be more inclusive, foster change in our industry, access and serve underserved markets, and contribute to the common good in a way that makes a difference in the world.