Compliance Analyst
IND Hyderabad, India
Redwood Software
Redwood offers digital transformation services and software solutions for businesses. We automate manual tasks so your people can focus on adding value. It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.
OUR MISSION
At Redwood, we empower our customers with lights-out automation for their mission-critical business processes.
ABOUT US
Redwood Software is the leader in full stack automation fabric solutions for mission-critical business processes. With the first SaaS-based composable automation platform specifically built for ERP, we believe in the transformative power of automation. Our unparalleled solutions empower you to orchestrate, manage and monitor your workflows across any application, service or server — in the cloud or on premises — with confidence and control.
Redwood’s global team of automation experts and customer success engineers provide solutions and world-class support designed to give you the freedom and time to imagine and define your future. Get out of the weeds and see the forest, with Redwood Software.
CORE VALUES
One Team. One Redwood
Make Your Own Weather
Obsess over Customer Success
Work the Problem
Be Curious
Own the Outcome
Respect Each Other
YOUR IMPACT
Mission Statement: To champion regulatory compliance, proactively mitigate risks, and ensure organizational trustworthiness through diligent adherence to established frameworks.
The Compliance Analyst plays a critical role in ensuring Redwood's adherence to a variety of regulatory frameworks, industry standards, and internal policies. This position is responsible for aligning organizational practices with standards such as ISO 27001, SOC, GDPR, HIPAA, and PCI DSS, as well as managing third-party risk and supporting customer-facing compliance requirements through RFI/RFP processes. The ideal candidate will possess a strong understanding of these frameworks, excellent analytical skills, and the ability to translate complex requirements into actionable processes.
Regulatory Frameworks:
Align and maintain organizational practices in accordance with ISO 27001, SOC (specify type, e.g., SOC 2), GDPR, and other relevant regional, national, and international standards.
Conduct regular internal audits to assess and ensure ongoing compliance with multiple regulatory frameworks and internal policies.
Compliance Documentation and Reporting:
Develop, maintain, and update comprehensive compliance records, certifications, and audit reports.
Generate clear and concise compliance reports for internal leadership, external auditors, and other stakeholders as required.
Third-Party Risk Management:
Assess and continuously monitor the compliance of third-party vendors and service providers with relevant regulatory and organizational standards.
Conduct thorough risk evaluations and implement robust vendor due diligence processes to mitigate potential compliance risks.
PCI DSS and HIPAA Compliance:
Ensure the organization's ongoing compliance with Payment Card Industry Data Security Standard (PCI DSS) through regular audits, development and maintenance of relevant policies, and performance of gap analyses.
Implement and monitor effective security controls to protect cardholder data.
Develop, implement, and maintain HIPAA compliance programs, with a strong focus on the confidentiality, integrity, and availability of Protected Health Information (PHI), and ensure adherence to risk mitigation strategies.
RFI/RFP Management:
Prepare and submit accurate and comprehensive responses to Requests for Information (RFIs) and Requests for Proposal (RFPs), ensuring alignment with PCI DSS, HIPAA, and other applicable organizational policies and standards.
Maintain a well-organized repository of up-to-date compliance documentation to facilitate efficient and accurate responses to customer inquiries.
YOUR EXPERIENCE
Bachelor’s degree in a relevant field such as Information Security, Business Administration, Legal Studies, or a related discipline.
5–7 years of demonstrable experience in a compliance-focused role, with significant exposure to SOC (specify type), ISO 27001, PCI DSS, and HIPAA frameworks.
In-depth knowledge and practical application of PCI DSS, HIPAA, ISO 27001, and SOC (specify type) frameworks.
Strong understanding of data privacy regulations (e.g., GDPR, CCPA) and their implications.
Proficiency in conducting internal audits and risk assessments.
Excellent documentation and report writing skills.
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Other relevant certifications (e.g., CISSP, CIPP) are a plus.
Strong analytical and problem-solving abilities.
Excellent communication and interpersonal skills, with the ability to effectively interact with technical and non-technical stakeholders.
Ability to manage multiple priorities and work independently.
High level of integrity and attention to detail.
If you like growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
THE LEGAL BIT
Redwood is an equal opportunity employer. Redwood prohibits unlawful discrimination based on race, colour, religion, sex, gender identity, marital or veteran status, age, national origin, ancestry, citizenship, physical or mental disability, medical condition, genetic information or characteristics (or those of a family member), sexual orientation, pregnancy or any other consideration made unlawful by regional or local laws. We also prohibit discrimination based on a perception that anyone has any of those characteristics or is associated with a person who has or is perceived as having any of those characteristics. All such discrimination is unlawful and will have a zero tolerance policy applied to it.
Redwood will comply with all local data protection laws, including GDPR, when it comes to the handling and processing of personal data. Should you wish for us to remove your personal data from our recruitment database, please email us directly at Recruitment@Redwood.com.
Perks/benefits: Career development Startup environment