Security Compliance Analyst

About This Role

We're looking for a Security Compliance Analyst to support our regulatory and statutory audit readiness and help us maintain and enforce our Information Security Management System (ISMS).

This role sits at the intersection of security, technology, and business teams. You'll work closely with internal stakeholders to keep our security controls documented, audits on track, and customer, supplier, and regulatory security requirements addressed in a consistent and scalable way.

What You'll Do

ISMS and Audit Readiness

• Maintain and update ISMS documentation in line with existing frameworks.
• Support internal and external audits, including ISO 27001 and SOC-related reviews.
• Track audit findings and help reduce recurring non-conformities.
  
  

Security Compliance Operations

• Support risk management activities aligned with defined security principles.
• Help enforce ISMS policies and controls across teams.
• Coordinate evidence collection and follow-ups during audit cycles.
• Assist with supplier security assessments and third-party risk management (TPRM) activities, including documentation reviews and follow-ups.
  
  

Stakeholder, Supplier, and Customer Support

• Respond to security questionnaires from customers, partners, and suppliers.
• Support supplier onboarding assessments by reviewing security documentation and compliance artifacts.
• Assist with compliance activities related to GDPR, CCPA, and PCI DSS, including evidence collection and control tracking.
• Work with Information Security, DevOps, Development, Legal, Sales, and Procurement teams to gather accurate inputs.
• Reduce redundant compliance-related requests by improving documentation and reuse.
  
  

Reporting and Collaboration

• Prepare basic reports and summaries related to audit status, supplier risk, and compliance gaps.
• Collaborate with cross-functional teams to keep compliance work moving forward.
  
  

What We're Looking For

• 13 years of experience in information security or security compliance roles.
• Familiarity with ISO/IEC 27001:2022 requirements.
• Familiarity with AICPA Trust Services Criteria.
• Basic understanding of privacy and regulatory frameworks such as GDPR, CCPA, and PCI DSS.
• Understanding of risk management principles.
• Experience assisting with internal security audits.
• Experience supporting ISO 27001 and SOC audits.
• Strong time management and coordination skills.
• Bachelor's degree in Engineering or Technology.
  
  

Nice to Have

• ISO 27001 Lead Auditor certification.
• Experience in a consulting, audit support, or vendor risk environment.
• Master's degree in Information Security or Information Systems.
  
  

What Makes You a Strong Fit

• You're comfortable working across teams to collect information and close gaps.
• You pay attention to detail and follow through on audit and supplier risk actions.
• You can explain security, privacy, and compliance topics clearly to non-security stakeholders.
• You value accuracy, consistency, and integrity in compliance work.
  
  

Why This Role Matters

This role helps ensure we're prepared for regulatory, customer, and third-party security reviews. Your work directly supports customer trust, supplier risk management, and compliance commitments as the business operates and scales.

Why Join Us

• You'll work on real-world compliance, supplier risk, and audit challenges.
• You'll collaborate closely with security, technology, legal, and business teams.
• You'll gain exposure to industry-recognized security and privacy frameworks.
• You'll contribute to building consistent, repeatable security and compliance processes.
• You'll operate in a role with clear ownership and measurable impact.