Information Security Compliance Analyst (Onsite in Waukee, IA)

Holmes Murphy

Holmes Murphy has always believed that investing in our employees, the spaces in which they work, and the environment that we provide are all critical to our culture, purpose, and the services we offer. After all, we know that employees who feel appreciated and recognized for their hard work and dedication results in employees who feel immensely invested in the success of our clients and our company. On top of this, our employees have a seat at the table and the opportunity to pave their own way. Cool, right?! If you nodded yes, check out our open Information Security Compliance Analyst position and apply!

We are looking to add an Information Security Compliance Analyst to join our Information Technology team in Waukee, IA. Candidates thrive in our environment when they harness their collaborative mindset, strong interpersonal communication skills, and a love of learning.

This role supports the enterprise information security program, strategy, policies, standards, awareness, and training. In this role, you will be in an advisory role driving improvements that help our overall governance program for information security to help enable and protect the business.


  • Regulatory Compliance Monitoring:
    • Thoroughly understand and stay up-to-date with relevant security regulations, laws, and industry standards (e.g., GDPR, HIPAA, PCI DSS, ISO 27001, NIST, etc.).
    • Assess the organization’s current security posture and identify gaps or areas of non-compliance.
    • Develop and implement policies, procedures, and controls to ensure compliance with applicable regulations and standards.
  • Risk Assessment and Management:
    • Conduct risk assessments to identify potential security threats, vulnerabilities, and their associated risks.
    • Analyze and prioritize risks based on their likelihood and potential impact.
    • Recommend and implement appropriate risk mitigation strategies and controls
  • Security Control Implementation and Monitoring:
    • Collaborate with various teams (IT, operations, legal, etc.) to design, implement, and maintain security controls.
    • Monitor the effectiveness of security controls and ensure they are operating as intended.
    • Perform regular audits and assessments to evaluate the organization’s compliance posture.
  • Vendor and Third-Party Risk Management:
    • Assess the security posture and compliance of third-party vendors, suppliers, and partners.
    • Ensure that appropriate security controls and contractual agreements are in place for third-party relationships.
  • Documentation and Reporting:
    • Maintain comprehensive documentation of compliance activities, assessments, audits, and remediation efforts.
    • Prepare and present compliance reports to management, auditors, and regulatory bodies as required.
  • Continuous Improvement:
    • Stay informed about emerging security threats, new regulations, and industry best practices.
    • Identify opportunities for improving the organization’s security posture and compliance processes.
    • Collaborate with cross-functional teams to implement enhancements and drive continuous improvement.

Knowledge, Skills, and Abilities:

  • Strong interpersonal and communication skills (oral and written) due to interaction with employees at all levels and need for accuracy in role. Ability to elicit clarity.
  • Ability to effective work with project team members and stakeholder’s others across the company to achieve a common goal.
  • Ability to acquire knowledge of organizational methods and business acumen.
  • Understanding of Agile, Waterfall & LEAN methodologies. Knowledge of System Development Life Cycle framework.
  • Ability to manage multiple tasks/duties simultaneously. Capable of working on multiple projects.
  • Strong facilitation skills. Ability to run an effective and efficient meeting.
  • Strong analytical skills and attention to detail.
  • Knowledge of robotic process automation (RPA) and business automation. Familiar with Automation Implementation Methodology. Basic knowledge of how automations are developed with the automation tools, such as UiPath and Power Automate.
  • Ability and willingness to pursue relevant designations and/or continuing education, as appropriate.
  • Must be knowledgeable of and comply with HMA’s Client Privacy Policy, HIPAA regulations and E&O procedures and policies.


  • Associate’s or Bachelor’s degree in a related area or an equivalent combination of education, training, and experience
  • 5+ years relevant experience in Information Security; Experience in compliance, governance, or other security-related field
  • CISSP or CISA designation preferred, or willing to obtain within 2 years.

Benefits:  In addition to core benefits like health, dental and vision, also enjoy benefits such as:

  • Paid Parental Leave and supportive New Parent Benefits — We know being a working parent is hard, and we want to support our employees in this journey!
  • Company paid continuing Education & Tuition Reimbursement — We support those who want to develop and grow.
  • 401k Profit Sharing — Each year, Holmes Murphy makes a lump sum contribution to every full-time employee’s 401k. This means, even if you’re not in a position to set money aside for the future at any point in time, Holmes Murphy will do it on your behalf! We are forward-thinking and want to be sure your future is cared for.
  • Generous time off practices in addition to paid holidays — Yes, we actually encourage employees to use their time off, and they do. After all, you can’t be at your best for our clients if you’re not at your best for yourself first.
  • Supportive of community efforts with paid Volunteer time off and employee matching gifts to charities that are important to you — Through our Holmes Murphy Foundation, we offer several vehicles where you can make an impact and care for those around you.
  • DE&I programs — Holmes Murphy is committed to celebrating every employee’s unique diversity, equity, and inclusion (DE&I) experience with us. Not only do we offer all employees a paid Diversity Day time off option, but we also have a Chief Diversity Officer on hand, as well as a DE&I project team, committee, and interest group. You will have the opportunity to take part in those if you wish!
  • Consistent merit increase and promotion opportunities — Annually, employees are reviewed for merit increases and promotion opportunities because we believe growth is important — not only with your financial wellbeing, but also your career wellbeing.
  • Discretionary bonus opportunity — Yes, there is an annual opportunity to make more money. Who doesn’t love that?!

Holmes Murphy & Associates is an Equal Opportunity Employer.