Information Security and Compliance Analyst

Veracity Insurance•Pleasant Grove, UT

27d

About The Position

At Veracity, we aim to be a different kind of insurance partner – one that is free from outside investors, venture capital, or the pressures of a corporate parent. Ours is a culture of empowerment – one that believes in effort, results, and accountability. We believe that transparency fosters trust, trust fosters growth, and that growth drives innovation. Our commitment to rigorous evaluation and relentless execution lead to rapid evolution. We answer only to the small business owners we serve, and this independence allows us to stay focused on what matters most: helping their businesses thrive by providing expert guidance and best-in-class insurance policies. We’re growing fast and want you to be a part of it! We’re seeking a talented, detail-oriented Information Security and Compliance Analyst to join our team. Reporting to the Technical Operations and Information Security Manager, this role is responsible for supporting the organization’s cybersecurity posture by maintaining and enhancing security policies, controls, and monitoring systems, and ensuring compliance with frameworks such as SOC 2 and PCI DSS to protect company and client data.

Requirements

Bachelor’s degree in information systems, IT, Cybersecurity, or a related field
2–3 years of experience in security compliance, auditing, or governance (SOC 2 experience preferred)
Strong integrity, attention to detail, and accountability in handling sensitive or regulated information
Proactive problem-solving skills with the ability to anticipate and address risks effectively
Strong collaboration and communication skills with experience working across technical and compliance teams
Ability to remain composed and effective under pressure, including during audits and security incident

Responsibilities

Strengthen the organization’s cybersecurity posture by implementing, maintaining, and improving security policies, standards, and technical controls
Monitor security tools and system activity to identify, investigate, and escalate potential threats or vulnerabilities
Support vulnerability management, including performing scans, tracking remediation, and validating fixes
Maintain accurate, audit-ready documentation and coordinate evidence collection for SOC 2, PCI DSS, and other compliance frameworks
Support incident response processes, including triage, documentation, and post-incident follow-up
Assist with user access reviews, control testing, risk assessments, and security awareness efforts
Collaborate with IT, Engineering, and Compliance teams on secure configurations, remediation plans, and cross-functional security initiatives
Participate in routine policy, procedure, and control reviews to ensure alignment with regulatory requirements and security best practices
Maintain detailed logs and reports of security activities, metrics, and compliance obligations
Identify opportunities to strengthen controls, streamline processes, and enhance overall security program maturity
Required to perform other duties as requested, directed, or assigned