Associate Information Security Compliance Analyst

NAVEX•Charlotte, NC

6h•$70,000•Hybrid

About The Position

At NAVEX, we’re making the world a better place. A safer place. A more ethical place. A place where anyone, anywhere can have a voice. That’s a serious impact. As a key member of our Information Security department, you will support the organization’s regulatory, certification, and third-party risk management efforts. This role assists in maintaining compliance with ISO standards (e.g., ISO 27001), SOC 1/SOC 2 audit requirements, and third-party vendor risk management programs. The position ensures documentation, controls, and processes align with regulatory, contractual, and internal compliance obligations. In partnership with our RFP Specialist, sales and legal functions, you will catalog and describe our technical capabilities and the security controls we have in place in order to drive revenue and customer retention. Additional duties may include participating in our vulnerability management and PEN testing process while helping customers realize the value of our integrated risk and compliance management products and services. At NAVEX, you will work in a hybrid role and thrive alongside an engaged and collaborative team invested in supporting your success! What you’ll get: Meaningful Purpose. Your work helps organizations operate with integrity and protect their people—at a scale few companies can match. High-Performance Environment. We move with urgency, set ambitious goals, and expect excellence. You’ll be trusted with real ownership and supported to do the best work of your career. Candid, Supportive Culture. We communicate openly, challenge ideas—not people—and value teammates who embrace bold thinking and continuous improvement. Growth That Matters. You can count on authentic feedback, strong accountability, and leaders invested in your success so you can achieve real growth. Rewards for Results. We provide clear, competitive compensation designed to recognize measurable outcomes and real impact.

Requirements

Minimum of an Associate’s degree in Information Security, Risk Management, or related field preferred
2+ years of experience in compliance, information security, audit, or risk management
Familiarity with third-party risk management processes
Existing or willingness to obtain security certifications (e.g. CISA, ISO 27001 Internal Auditor, CISSP, Security +, etc.)
Familiarity with creating and implementing technical and information security policies and procedures, and technical writing in a SaaS environment
Strong presentation skills, project planning and scoping experience
Culture Agility. Comfort working in a fast-paced, candid environment that values innovation, healthy debate, and follow-through
AI Readiness. Curiosity and willingness to use AI and emerging technologies to elevate your work and deliver smarter outcomes
Ability to drive results through your job competencies of effective communication, project management and technical aptitude while leveraging NAVEX’s core values

Nice To Haves

Experience supporting ISO 27001, SOC 1/SOC 2, or similar frameworks is highly desirable

Responsibilities

Complete requests for proposal and technical questionnaires from prospects and customers
Assist with SOC 2 audit, ISO 27001 compliance and customer risk assessments
Assist in maintaining and improving the Information Security Management System (ISMS) in alignment with ISO 27001
Conduct vendor risk assessments and due diligence reviews
Support internal and external certification audits and client assessments
Maintain compliance documentation, policies, procedures, and control evidence
Prepare compliance reports for management
Stay current on regulatory and industry standard changes
Coordinate application and infrastructure penetration (PEN) tests
Participate and/or lead our vulnerability management process