Information Security & Compliance Analyst
CloudHQ LLC•Ashburn, VA
About The Position
The Information Security & Compliance Analyst supports CloudHQ’s cybersecurity governance, risk, audit, and compliance programs by helping ensure the confidentiality, integrity, and availability of information assets, while maintaining compliance with operational, environmental, and energy management standards. This role is responsible for supporting and continually improving CloudHQ’s Information Security Management System (ISMS), Environmental Management System (EMS), and Energy Management System (EnMS), while assisting with compliance initiatives related to ISO 27001:2022, ISO 14001, ISO 50001, SOC 1, SOC 2, and other applicable frameworks and regulatory requirements. The ideal candidate will have experience in Governance, Risk, and Compliance (GRC), internal/external audit coordination, risk assessments, policy management, and cross-functional compliance activities within a fast-paced operational environment.
Requirements
- Minimum of 3–5 years of experience in Information Security, Governance Risk & Compliance (GRC), Audit & Compliance, Risk Management, or related fields.
- Experience supporting regulated environments, ISO certification programs, SOC audits, or enterprise compliance initiatives strongly preferred.
- Working knowledge of ISO 27001:2022, SOC 1, SOC 2, ISO 14001, and ISO 50001 frameworks and controls.
- Familiarity with Governance, Risk, and Compliance (GRC) principles and compliance management processes.
- Understanding of audit methodologies, risk assessments, corrective action management, and continual improvement concepts.
- Ability to manage and organize compliance documentation, audit evidence, and remediation tracking activities.
- Awareness of relevant legal, regulatory, and privacy requirements, including GDPR and data protection principles.
- Strong analytical, organizational, and problem-solving skills with attention to detail.
- Ability to communicate effectively with technical teams, operational personnel, auditors, and leadership.
- Ability to work independently while managing multiple priorities in a fast-paced environment.
- Professional demeanor, accountability, and willingness to take initiative.
Nice To Haves
- Bachelor’s degree in Information Security, Cybersecurity, Information Systems, Business Administration, or related field.
- Experience with Microsoft Office Suite (Excel, Word, Outlook, PowerPoint) and compliance/document management platforms.
- One or more of the following certifications (or willingness to obtain upon hire): ISO 27001 Lead Auditor or Internal Auditor, ISO 14001 and/or ISO 50001 Auditor, Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Security+, CRISC, CGRC, or similar governance/risk certifications, SOC audit or compliance-related certifications/experience.
Responsibilities
- Support the maintenance, operation, and continual improvement of CloudHQ’s Information Security Management System (ISMS), Environmental Management System (EMS), and Energy Management System (EnMS).
- Assist with compliance activities related to ISO 27001:2022, ISO 14001, ISO 50001, SOC 1, SOC 2, and other applicable standards or customer requirements.
- Partner with the Director of Audit & Compliance to coordinate internal audits, external audits, certification activities, risk assessments, and compliance initiatives across multiple site locations.
- Support governance, risk, and compliance (GRC) activities, including risk tracking, corrective action management, policy lifecycle management, and audit remediation efforts.
- Participate in identifying operational, technical, compliance, and security risks, and assist process owners with remediation planning and corrective actions.
- Coordinate audit evidence collection, documentation reviews, and compliance tracking activities to support certification and attestation efforts.
- Act as a liaison between technical teams, operational teams, and auditors during audit and assessment activities.
- Assist with the development, review, implementation, and maintenance of policies, standards, procedures, and governance documentation.
- Support vendor, customer, and third-party security/compliance requests and assessments, as applicable.
- Participate in awareness and training initiatives related to information security, compliance, environmental, and energy management programs.
- Support continuous improvement initiatives across security, audit, operational, environmental, and energy management processes.
- Assist in tracking compliance metrics, audit findings, non-conformities, corrective actions, and management reporting activities.
- Work collaboratively with Operations, IT, Engineering, Physical Security, Environmental Health & Safety (EHS), and other business stakeholders to support enterprise compliance objectives.
- Ability to travel up to 15% as needed to support audits, compliance activities, and operational initiatives across CloudHQ locations.
Benefits
- competitive compensation
- rewarding incentives
- comprehensive benefits (medical, dental, vision, life insurance, disability)
- 401(k) with match
- 12 paid holidays
- generous PTO
- development opportunities
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
