Associate Information Security Compliance Analyst
About The Position
At NAVEX, we’re transforming the world—making it safer, more ethical, and ensuring every voice is heard. That’s real impact. Our high-performance culture is driven by our values. We move with speed, passion and purpose — as one team. We are bold in our ideas, accountable in our actions, and committed to doing the right things right. As a key member of our Information Security department, you will support the organization’s regulatory, certification, and third-party risk management efforts. This role assists in maintaining compliance with ISO standards (e.g., ISO 27001), SOC 1/SOC 2 audit requirements, and third-party vendor risk management programs. The position ensures documentation, controls, and processes align with regulatory, contractual, and internal compliance obligations. In partnership with our RFP Specialist, sales and legal functions, you will catalog and describe our technical capabilities and the security controls we have in place in order to drive revenue and customer retention. Additional duties may include participating in our vulnerability management and PEN testing process while helping customers realize the value of our integrated risk and compliance management products and services. You’ll thrive in this hybrid role surrounded by an engaged, collaborative team deeply committed to your success. Join us and help shape what’s next! At NAVEX, you will work in a hybrid role and thrive alongside an engaged and collaborative team invested in supporting your success!
Requirements
- Minimum of an Associate’s degree in Information Security, Risk Management, or related field preferred
- 2+ years of experience in compliance, information security, audit, or risk management
- Experience supporting ISO 27001, SOC 1/SOC 2, or similar frameworks is highly desirable
- Familiarity with third-party risk management processes
- Existing or willingness to obtain security certifications (e.g. CISA, ISO 27001 Internal Auditor, CISSP, Security +, etc.)
- Familiarity with creating and implementing technical and information security policies and procedures, and technical writing in a SaaS environment
- Strong presentation skills, project planning and scoping experience
- Culture Agility. Comfort working in a fast-paced, candid environment that values innovation, healthy debate, and follow-through
- AI Readiness. Curiosity and willingness to use AI and emerging technologies to elevate your work and deliver smarter outcomes
- Fuel performance and outcomes. Leverage your job competencies and champion NAVEX’s core values.
Responsibilities
- Complete requests for proposal and technical questionnaires from prospects and customers
- Assist with SOC 2 audit, ISO 27001 compliance and customer risk assessments
- Assist in maintaining and improving the Information Security Management System (ISMS) in alignment with ISO 27001
- Conduct vendor risk assessments and due diligence reviews
- Support internal and external certification audits and client assessments
- Maintain compliance documentation, policies, procedures, and control evidence
- Prepare compliance reports for management
- Stay current on regulatory and industry standard changes
- Coordinate application and infrastructure penetration (PEN) tests
- Participate and/or lead our vulnerability management process
Benefits
- Meaningful Purpose.
- High-Performance Environment.
- Candid, Supportive Culture.
- Growth That Matters.
- Rewards for Results.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Entry Level
Education Level
Associate degree
