Senior IT Compliance Analyst

Arrow Electronics, Inc.



AR (Remote)


Position summary

stomers to the right technology at the right place, time, and price. Arrow provides extraordinary value to customers and suppliers - the best technology companies in the world - and connects them through the company's industry-leading services.

Arrow Electronics is seeking a highly skilled Sr. IT Compliance Analyst to join our prestigious IT Risk Team. As a key member of this team, you will be responsible for providing direct support with completing a range of GLOBAL client, audit and regulatory requests and control assessments related to Information Security. Additionally, you will play a leading role in certification assessments for a variety of frameworks, including but not limited to ISO 27001, CMMC, SOC 2, PCI-DSS, and NIST CSF. This role also has a very strong focus on vulnerability management in terms of handling all interactions with system stakeholders to report vulnerabilities to them and track patching. Reporting directly to the Director of IT Risk, you will work closely with a range of teams across the business, including IT, security, legal, compliance, HR and internal and external audit bodies. This is an excellent opportunity to make a real impact and take your career to the next level.

You are dedicated to being:

  • Accountable to a shared vision of inclusion and diversity across Arrow

  • Respectful of the various viewpoints held by our team, the world over

  • Responsible for inviting new ideas to foster innovation for our customers

  • Open-minded, with well-intended curiosity, welcoming diverse ways of thinking and working.

  • Welcoming in how we make people feel so they can do their best work

What You Will Be Doing:

  • Help ensure controls are in place to provide and maintain a secure and regulatory compliant technology environment by focusing on all aspects of IT compliance, including ISO 27001, CMMC, SOC2, PCI-DSS, NIST CSF and some elements of Sarbanes Oxley (SOX).

  • Lead ISO 27001 audit assessments from inception to https://completion.Help maintain the related ISMS program documentation

  • Help to coordinate IT compliance projects and serve as an intermediary between outside resources and Arrow subject matter experts

  • Assist in coordination of certification audit activities, findings, management responses, and corrective action plans

  • Manage and update IT Risk register(s) including vulnerability management reports to senior IT management

  • Develop and maintain productive relationships throughout the company through individual contacts and meetings

  • Help facilitate and regularly update the information technology policies, standards and procedures related to certification standards

  • Draft and maintain documentation related to process flow charts and narratives

  • Assist in coordination of IT audit activities, findings, management responses, and corrective action plans

  • Work with stakeholders throughout the company to understand their business needs and provide subject-matter knowledge and guidance

  • Generate professional IT compliance collateral for use within sales and outward-facing functions

  • Conduct risk/ gap assessments of controls, document and maintain the results of these assessments, and provide recommendations for implementation of effective mitigating controls

  • Assist in the determination of gaps in the security design or operation of existing controls and provide recommendations for implementation of new or mitigating controls

  • Assist with any other IT Risk Management related tasks as assigned by leadership

  • Conduct assessment by sending and reviewing inbound and outbound security questionnaires

What We Are Looking For:

  • 7-10+ years of professional experience in an IT or business compliance role DIRECTLY handling regulatory audits, interacting DIRECTLY with auditors, leading certification audits as the auditee and interacting with numerous technical stakeholders to achieve certification issuance

  • Ability to communicate effectively with technical and non-technical individuals regarding IT compliance concerns, problems, and questions. Clear communication skills, with the ability to write clearly and tailor messaging to the intended audience in professional English

  • Strong understanding of auditing concepts, approaches, controls, and frameworks

  • Working knowledge of the ISO 27001 standard. BONUS POINTS: Experience leading ISO 27001 or other assessments as the auditee

  • Special consideration is given to candidates with ISO 27001 Lead Auditor or other ISO 27001 Certifications

  • Can carry out specific tasks and execute plans while both receiving and providing constructive feedback

  • Customer service orientation

  • Requires minimal management attention-self-managed and can work in a fluid environment with the ability to adjust to new process changes

  • Must be an inquisitive and quick learner with attention to detail.

  • Preferred: Working knowledge of business and risk assessment methodologies/mitigation strategies using industry standards, https://e.g., ITIL, ISO 27001, SOC2, NIST CSF, CIS CSC 20

  • Must have excellent organizational, communication (written and verbal) and self-management skills

  • Experience with MS Office products

  • Additional consideration provided to candidates that have worked in GRC (Governance Risk & Compliance) platforms, such as Vanta, Drata, SecureFrame, HyperProof, Archer etc.

  • Clear path of education, certification, and learning. Industry standard security certifications such as CISSP, CISM, CISA are preferred but not required

  • Associate or bachelor's degree is not required but preferred or any equivalent combination of training, education, certification, and experience that demonstrates the ability to perform the duties of the position

Work Arrangement:.

  • Fully Remote: Must be able to travel to an Arrow office location as requested by Arrow leadership

The Skills That Will Help You Succeed Even More:

The successful candidate should possess exceptional critical thinking skills, with the ability to connect disparate dots in thought patterns. They should demonstrate strong first, second, and third order thinking abilities, enabling them to analyze complex situations, make logical deductions, and identify potential risks and compliance gaps. This role requires someone who can think beyond immediate circumstances and consider the broader implications and long-term consequences of their decisions.

Furthermore, effective communication skills are crucial for success in this position. The candidate must be able to articulate their thoughts clearly and concisely, presenting information in a manner that is easily understandable to diverse audiences. They should have the ability to communicate upwards to leadership teams and provide timely updates and reports to senior management.

It is important to note that this role goes beyond being a traditional IT compliance back-office position or operating in siloed work environments. Instead, it is a front and center role, highly visible within the organization. The candidate will be interacting with stakeholders across departments, including IT, security, internal and external audit bodies, and senior IT management. They will be leading certification assessments, coordinating audit activities, and facilitating information exchange between external auditors and internal subject matter experts. As such, the candidate must possess the presence, confidence, and capability to handle this level of visibility and engage effectively with stakeholders at all levels.

NOTE: This role covers GLOBAL audits so occasional work outside of the US time zone to cover EMEA and APAC hours will be required.

What's In It For You:

  • Medical, Dental, Vision Insurance

  • 401k, With Matching Contributions

  • Short-Term/Long-Term Disability Insurance

  • Health Savings Account (HSA)/Health Reimbursement Account (HRA) Options

  • Paid Time Off

  • Tuition Reimbursement

  • Access to Arrow's Employee Discount Program

  • Growth Opportunities

  • And more!

Annual Hiring Range/Hourly Rate:

$111,https://900.00 - $152,https://460.00

Actual compensation offer to candidate may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level. The pay ratio between base pay and target incentive (if applicable) will be finalized at offer.

US-CO-Colorado (Remote Employees)

Remote work employees may be required to be present at the closest designated Arrow office for work-related purposes, at the Company's request and sole discretion.
Time Type:
Full time
Job Category:
Information Technology

EEO Statement:

Arrow is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, gender, age, sexual orientation, gender identity, national origin, veteran or disability status. (Arrow EEO/AAP policy)