stomers to the right technology at the right place, time, and price. Arrow provides extraordinary value to customers and suppliers - the best technology companies in the world - and connects them through the company's industry-leading services.
Arrow Electronics is seeking a highly skilled Sr. IT Compliance Analyst to join our prestigious IT Risk Team. As a key member of this team, you will be responsible for providing direct support with completing a range of GLOBAL client, audit and regulatory requests and control assessments related to Information Security. Additionally, you will play a leading role in certification assessments for a variety of frameworks, including but not limited to ISO 27001, CMMC, SOC 2, PCI-DSS, and NIST CSF. This role also has a very strong focus on vulnerability management in terms of handling all interactions with system stakeholders to report vulnerabilities to them and track patching. Reporting directly to the Director of IT Risk, you will work closely with a range of teams across the business, including IT, security, legal, compliance, HR and internal and external audit bodies. This is an excellent opportunity to make a real impact and take your career to the next level.
You are dedicated to being:
Accountable to a shared vision of inclusion and diversity across Arrow
Respectful of the various viewpoints held by our team, the world over
Responsible for inviting new ideas to foster innovation for our customers
Open-minded, with well-intended curiosity, welcoming diverse ways of thinking and working.
Welcoming in how we make people feel so they can do their best work
What You Will Be Doing:
Help ensure controls are in place to provide and maintain a secure and regulatory compliant technology environment by focusing on all aspects of IT compliance, including ISO 27001, CMMC, SOC2, PCI-DSS, NIST CSF and some elements of Sarbanes Oxley (SOX).
Lead ISO 27001 audit assessments from inception to https://completion.Help maintain the related ISMS program documentation
Help to coordinate IT compliance projects and serve as an intermediary between outside resources and Arrow subject matter experts
Assist in coordination of certification audit activities, findings, management responses, and corrective action plans
Manage and update IT Risk register(s) including vulnerability management reports to senior IT management
Develop and maintain productive relationships throughout the company through individual contacts and meetings
Help facilitate and regularly update the information technology policies, standards and procedures related to certification standards
Draft and maintain documentation related to process flow charts and narratives
Assist in coordination of IT audit activities, findings, management responses, and corrective action plans
Work with stakeholders throughout the company to understand their business needs and provide subject-matter knowledge and guidance
Generate professional IT compliance collateral for use within sales and outward-facing functions
Conduct risk/ gap assessments of controls, document and maintain the results of these assessments, and provide recommendations for implementation of effective mitigating controls
Assist in the determination of gaps in the security design or operation of existing controls and provide recommendations for implementation of new or mitigating controls
Assist with any other IT Risk Management related tasks as assigned by leadership
Conduct assessment by sending and reviewing inbound and outbound security questionnaires
What We Are Looking For:
7-10+ years of professional experience in an IT or business compliance role DIRECTLY handling regulatory audits, interacting DIRECTLY with auditors, leading certification audits as the auditee and interacting with numerous technical stakeholders to achieve certification issuance
Ability to communicate effectively with technical and non-technical individuals regarding IT compliance concerns, problems, and questions. Clear communication skills, with the ability to write clearly and tailor messaging to the intended audience in professional English
Strong understanding of auditing concepts, approaches, controls, and frameworks
Working knowledge of the ISO 27001 standard. BONUS POINTS: Experience leading ISO 27001 or other assessments as the auditee
Special consideration is given to candidates with ISO 27001 Lead Auditor or other ISO 27001 Certifications
Can carry out specific tasks and execute plans while both receiving and providing constructive feedback
Customer service orientation
Requires minimal management attention-self-managed and can work in a fluid environment with the ability to adjust to new process changes
Must be an inquisitive and quick learner with attention to detail.
Preferred: Working knowledge of business and risk assessment methodologies/mitigation strategies using industry standards, https://e.g., ITIL, ISO 27001, SOC2, NIST CSF, CIS CSC 20
Must have excellent organizational, communication (written and verbal) and self-management skills
Experience with MS Office products
Additional consideration provided to candidates that have worked in GRC (Governance Risk & Compliance) platforms, such as Vanta, Drata, SecureFrame, HyperProof, Archer etc.
Clear path of education, certification, and learning. Industry standard security certifications such as CISSP, CISM, CISA are preferred but not required
Associate or bachelor's degree is not required but preferred or any equivalent combination of training, education, certification, and experience that demonstrates the ability to perform the duties of the position
Fully Remote: Must be able to travel to an Arrow office location as requested by Arrow leadership
The Skills That Will Help You Succeed Even More:
The successful candidate should possess exceptional critical thinking skills, with the ability to connect disparate dots in thought patterns. They should demonstrate strong first, second, and third order thinking abilities, enabling them to analyze complex situations, make logical deductions, and identify potential risks and compliance gaps. This role requires someone who can think beyond immediate circumstances and consider the broader implications and long-term consequences of their decisions.
Furthermore, effective communication skills are crucial for success in this position. The candidate must be able to articulate their thoughts clearly and concisely, presenting information in a manner that is easily understandable to diverse audiences. They should have the ability to communicate upwards to leadership teams and provide timely updates and reports to senior management.
It is important to note that this role goes beyond being a traditional IT compliance back-office position or operating in siloed work environments. Instead, it is a front and center role, highly visible within the organization. The candidate will be interacting with stakeholders across departments, including IT, security, internal and external audit bodies, and senior IT management. They will be leading certification assessments, coordinating audit activities, and facilitating information exchange between external auditors and internal subject matter experts. As such, the candidate must possess the presence, confidence, and capability to handle this level of visibility and engage effectively with stakeholders at all levels.
NOTE: This role covers GLOBAL audits so occasional work outside of the US time zone to cover EMEA and APAC hours will be required.
What's In It For You:
Medical, Dental, Vision Insurance
401k, With Matching Contributions
Short-Term/Long-Term Disability Insurance
Health Savings Account (HSA)/Health Reimbursement Account (HRA) Options
Paid Time Off
Access to Arrow's Employee Discount Program
Annual Hiring Range/Hourly Rate:
$111,https://900.00 - $152,https://460.00
Actual compensation offer to candidate may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level. The pay ratio between base pay and target incentive (if applicable) will be finalized at offer.
US-CO-Colorado (Remote Employees)
Remote work employees may be required to be present at the closest designated Arrow office for work-related purposes, at the Company's request and sole discretion.**
Arrow is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, gender, age, sexual orientation, gender identity, national origin, veteran or disability status. (Arrow EEO/AAP policy)