Policy & Compliance Analyst

At Ziply Fiber, our mission is to elevate the connected lives of our communities every day. We are delivering the fastest home internet in the Northwest, with a focus on areas traditionally underserved by mainstream internet companies. And as our state-of-the-art fiber network expands in WA, OR, ID and MT, so does our need for team members who can help us grow and realize our goals.

We may be building internet, but we are reaching real people. We strive to build relationships and provide customers and communities with refreshingly great experiences.

We emphasize our values in all our interactions:

Genuinely Caring: Our customers and colleagues are people, and quite possibly our neighbors. We put ourselves in their shoes and give them our full attention.

Empowering You: We empower our customers to choose the products that best meet their needs, and we support our employees to implement solutions that elevate the experiences of our customers and coworkers.

Innovation and Improvement: We always look for ways to make the experiences of our customers – and each other – better.

Earning Your Trust: We earn trust by communicating simply and transparently as real people, not as a corporation.

Job Summary

The Policy and Compliance Analyst plays a key role in maintaining Ziply Fiber’s information security posture. This role is responsible for managing the review, publication, and enforcement of internal security policies and procedures. The Policy & Compliance Analyst supports cross-functional teams in aligning with regulatory security frameworks such as NIST, SOC 2, SOX, PCI-DSS, and helps maintain documentation that demonstrates compliance and due diligence.

Essential Duties and Responsibilities:

The Essential Duties and Responsibilities listed below are a range of duties performed by the employee and not intended to reflect all duties performed.

Policy Management

• Administer the policy lifecycle, including drafting, coordinating reviews, publishing, and updating security policies.

• Collaborate with Legal, IT, and Security to ensure policies align with business and regulatory requirements.

• Maintain centralized documentation for audits, assessments, and regulatory reviews.

• Monitor regulatory developments and assist in aligning internal practices accordingly.

Compliance Monitoring & Enforcement

• Assist in monitoring organizational adherence to internal policies and procedures.

• Track and report on compliance and policy enforcement metrics.

• Arranges, conducts and monitors compliance testing, audits, and investigations.

• Provides ongoing monitoring of compliance information systems and processes.

• Ensures compliance with all local, state, and federal laws and regulations as well as company policies, procedures and internal controls.

Audit & Evidence Management

• Assist in preparing and organizing policy and evidence documentation for internal and third-party audits.

• Generates analyses and reports containing results of compliance testing to management.

• Informs supervisor of any compliance violations.

• Reviews internal systems, controls, and processes and identifies ways to resolve regulatory gaps and deficiencies.

Compliance Training & Process Improvement

• Support compliance initiatives across departments by providing guidance and training.

• Develops, maintains, and delivers compliance training content and programs.

• Assists with the implementation of new and updated compliance systems, standards, processes, procedures, and policies.

Other Duties

Performs other duties as required to support the business and evolving organization.

Required Qualifications:

• Bachelor’s degree in Computer Science, Information Technology, Risk Management, Legal Studies, Business, or a related field.

• Minimum of two (2) years of experience in a policy, audit, or compliance analyst role.

• Direct experience managing regulatory requirements (e.g., PCI-DSS, NIST).

• Experience contributing to cross-functional compliance projects or initiatives.

• Strong understanding of risk frameworks (e.g., NIST CSF, NIST 800-171, ISO 27001, SOC 2, SOX).

• Familiarity with GRC platforms or compliance tracking systems.

• Familiarity with legal hold, third-party risk, and incident response documentation processes.

• Familiarity with business continuity and incident response concepts and procedures.

• Excellent communication and documentation skills, including the ability to present to executives and auditors.

Preferred Qualifications:

• Preferred industry certifications such as CISA, CRISC, CISSP, or equivalent.

Knowledge, Skills, and Abilities:

• Strong organizational and analytical skills.

• Excellent verbal and written communication.

• Ability to interpret and apply regulatory requirements.

• Demonstrated integrity and professionalism in handling sensitive documentation.

Work Authorization

Applicants must be currently authorized to work in the US for any employer. Sponsorship is not available for this position.

Physical Requirements

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Essential and marginal functions may require maintaining physical condition necessary for bending, stooping, sitting, walking, or standing for prolonged periods of time; most of time is spent sitting in a comfortable position with frequent opportunity to move about. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.

Work Environment

Work is performed in an office setting with exposure to computer screens and requires extensive use of a computer, keyboard, mouse, and multi-line telephone system. The work is primarily a modern office setting.

At all times, Ziply Fiber must be your primary employer. Unless otherwise prohibited by law, employees may not hold outside employment nor be self-employed without obtaining approval in writing from Ziply Fiber. In holding outside employment or self-employment, employees should ensure that participation does not conflict with responsibilities to Ziply Fiber or its business interests.

Diverse Workforce / EEO

Ziply Fiber is an equal opportunity employer. Ziply Fiber will consider all qualified candidates regardless of race, color, religion, national origin, gender, age, marital status, sexual orientation, veteran status, and the presence of a non-job-related handicap or disability or any other legally protected status.

Ziply Fiber requires a pre-employment background check as conditions of employment. Ziply Fiber may require a pre-employment drug screening.

Ziply Fiber is a drug free workplace.