Associate Information Security Compliance Analyst

NAVEX | Lake Oswego, OR
15h | $70,000 | Hybrid

About The Position

At NAVEX, we’re making the world a better place. A safer place. A more ethical place. A place where anyone, anywhere can have a voice. That’s a serious impact. As a key member of our Information Security department, you will support the organization’s regulatory, certification, and third-party risk management efforts. This role assists in maintaining compliance with ISO standards (e.g., ISO 27001), SOC 1/SOC 2 audit requirements, and third-party vendor risk management programs. The position ensures documentation, controls, and processes align with regulatory, contractual, and internal compliance obligations. In partnership with our RFP Specialist, sales and legal functions, you will catalog and describe our technical capabilities and the security controls we have in place in order to drive revenue and customer retention. Additional duties may include participating in our vulnerability management and PEN testing process while helping customers realize the value of our integrated risk and compliance management products and services. At NAVEX, you will work in a hybrid role and thrive alongside an engaged and collaborative team invested in supporting your success!

Requirements

  • Minimum of an Associate’s degree in Information Security, Risk Management, or related field preferred
  • 2+ years of experience in compliance, information security, audit, or risk management
  • Familiarity with third-party risk management processes
  • Familiarity with creating and implementing technical and information security policies and procedures, and technical writing in a SaaS environment
  • Strong presentation skills, project planning and scoping experience
  • Culture Agility. Comfort working in a fast-paced, candid environment that values innovation, healthy debate, and follow-through
  • AI Readiness. Curiosity and willingness to use AI and emerging technologies to elevate your work and deliver smarter outcomes
  • Ability to drive results through your job competencies of effective communication, project management and technical aptitude while leveraging NAVEX’s core values

Nice To Haves

  • Experience supporting ISO 27001, SOC 1/SOC 2, or similar frameworks is highly desirable
  • Existing security certifications, or willingness to obtain them (e.g., CISA, ISO 27001 Internal Auditor, CISSP, Security+)

Responsibilities

  • Complete requests for proposal and technical questionnaires from prospects and customers
  • Assist with SOC 2 audit, ISO 27001 compliance and customer risk assessments
  • Assist in maintaining and improving the Information Security Management System (ISMS) in alignment with ISO 27001
  • Conduct vendor risk assessments and due diligence reviews
  • Support internal and external certification audits and client assessments
  • Maintain compliance documentation, policies, procedures, and control evidence
  • Prepare compliance reports for management
  • Stay current on regulatory and industry standard changes
  • Coordinate application and infrastructure penetration (PEN) tests
  • Participate in and/or lead our vulnerability management process

Benefits

  • Meaningful Purpose.
  • High-Performance Environment.
  • Candid, Supportive Culture.
  • Growth That Matters.
  • Rewards for Results.