Position
Title: Policy & Compliance Analyst

Base Salary:
$80,768
to $103,084 annually DOE

Benefits:
Medical,
dental, vision, 401k, flexible spending account, paid sick leave and paid time
off, parental leave, quarterly performance bonus, training, career growth and
education reimbursement programs.

At
Ziply Fiber, our mission is to elevate the connected lives of our communities
every day. We are delivering the fastest home internet in the Northwest, with a
focus on areas traditionally underserved by mainstream internet companies. And
as our state-of-the-art fiber network expands in WA, OR, ID and MT, so does our
need for team members who can help us grow and realize our goals.

We may be building internet, but we are reaching real people. We
strive to build relationships and provide customers and communities with
refreshingly great experiences.

We
emphasize our values in all our interactions:

Genuinely Caring:
O
ur
customers and colleagues are people, and quite possibly our neighbors. We put
ourselves in their shoes and give them our full attention.

Empowering You
:
We
empower our customers to choose the products that best meet their needs, and we
support our employees to implement solutions that elevate the experiences of
our customers and coworkers.

Innovation and Improvement
:
We always look for ways to make the experiences of our customers –
and each other – better.

Earning Your Trust
:
We earn
trust by communicating simply and transparently as real people, not as a
corporation.

Job Summary

The Security Policy & Compliance Analyst
plays a key role in maintaining Ziply’s information security posture. The
analyst is responsible for managing the review, publication, and enforcement of
internal security policies and procedures. The analyst supports
cross-functional teams in aligning with regulatory security frameworks such as
NIST, SOC 2, SOX, PCI-DSS, and helps maintain documentation that demonstrates
compliance and due diligence.

Essential Duties and Responsibilities:

The Essential Duties and Responsibilities listed below are a range of
duties performed by the employee and not intended to reflect all duties
performed.

Policy Management

·
Administer the policy lifecycle, including
drafting, coordinating reviews, publishing, and updating security policies.

·
Collaborate with Legal, IT, and Security to
ensure policies align with business and regulatory requirements.

·
Maintain centralized documentation for audits,
assessments, and regulatory reviews.

·
Assist in preparing and organizing policy and
evidence documentation for internal and third-party audits.

·
Monitor regulatory developments and assist in
aligning internal practices accordingly.

Compliance Monitoring & Enforcement

·
Assist in monitoring organizational adherence to
internal policies and procedures.

·
Track and report on compliance and policy
enforcement metrics.

·
Arranges, conducts and monitors compliance
testing, audits, and investigations.

·
Provides ongoing monitoring of compliance
information systems and processes.

·
Informs supervisor of any compliance violations.

Risk & Regulatory Alignment

·
Reviews internal systems, controls, and
processes and identifies ways to resolve regulatory gaps and deficiencies.

·
Assists with the implementation of new and
updated compliance systems, standards, processes, procedures, and policies.

·
Ensures compliance with all local, state, and
federal laws and regulations as well as company policies, procedures and
internal controls.

Training & Reporting

·
Support compliance initiatives across
departments by providing guidance and training.

·
Generates analyses and reports containing
results of compliance testing to management.

·
Develops, maintains, and delivers compliance
training content and programs.

Other Duties

·
Performs
other duties as required to support the business and evolving organization
.

Required Qualifications:

·
Bachelor of Science (BS) in Computer Science, Information Technology,
Risk Management, Legal Studies, Business, or a related field.

·
Minimum of two (2) years in a policy, audit, or compliance analyst role.

·
Strong understanding of risk frameworks such as:

o
National Institute of Standards and Technology Cybersecurity Framework
(NIST CSF).

o
NIST Special Publication 800-171.

o
International Organization for Standardization ISO 27001.

o
Service Organization Control 2 (SOC 2).

o
Sarbanes-Oxley Act (SOX).

·
Direct experience managing regulatory requirements such as:

o
Payment Card Industry Data Security Standard (PCI-DSS).

o
NIST guidelines.

·
Experience contributing to cross-functional compliance projects or
initiatives.

·
Familiarity with Governance, Risk, and Compliance (GRC) platforms or
compliance tracking systems.

·
Familiarity with legal hold processes, third-party risk management, and
incident response documentation.

·
Familiarity with business continuity and incident response concepts and
procedures.

Preferred Qualifications:

·
Industry certifications such as:

o
Certified Information Systems Auditor (CISA).

o
Certified in Risk and Information Systems Control (CRISC).

o
Certified Information Systems Security Professional (CISSP).

o
Or equivalent certifications.

Knowledge, Skills, and Abilities:

·
Excellent
verbal and written communication skills with strong attention to detail,
organizational ability, and proficiency in documentation, including presenting
to executives and auditors.

·
Ability
to work independently and apply sound judgment and reasoning skills to a
variety of situations.

·
Strong
organizational and analytical skills.

·
Ability
to interpret and apply regulatory requirements.

·
Demonstrated
integrity and professionalism in handling sensitive documentation.

Work Authorization

Applicants must be currently authorized to
work in the US for any employer. Sponsorship is not available for this
position.