IT Security Compliance Analyst

Boomi
Denver, CO
5d
$110,179
Remote

About The Position

Boomi is looking for a detail-oriented, technically savvy Security Compliance Analyst to join our Governance, Risk, and Compliance (GRC) team. In this role, you will manage the lifecycle of security audits, perform internal assessments, and ensure our cloud infrastructure remains compliant with international and regional frameworks. You will help translate complex regulatory requirements into actionable technical controls for our DevOps and Engineering teams.

Requirements

  • Experience: 4+ years in IT Audit, Information Security, or Compliance, specifically within a SaaS or Cloud Service Provider environment.
  • Framework Expertise: Deep functional knowledge of SOC 2, ISO 27001, and NIST 800-53 (FedRAMP).
  • Technical Literacy: Ability to understand cloud infrastructure concepts (AWS/Azure) and explain security controls related to IAM, encryption, and vulnerability management.
  • Communication: Exceptional ability to translate "auditor-speak" into technical requirements for developers.

Nice To Haves

  • Certifications: CISA, CRISC, CISM, or CISSP
  • Familiarity with international standards like IRAP or Cyber Essentials is highly preferred.
  • Familiarity with the following services: KnowBe4, SafeBase, Ascend, and/or Jira

Responsibilities

  • Audit Management: Lead the preparation, execution, and remediation phases for global audits including SOC 1/SOC 2, ISO 27001/27701, and Cyber Essentials Plus.
  • Public Sector Compliance: Maintain Boomi’s FedRAMP authorization status (Moderate/High) and support Australian government requirements via the IRAP framework.
  • Continuous Monitoring: Perform regular internal gap analyses and "mock audits" to ensure controls are operating effectively throughout the year, not just during audit windows.
  • Stakeholder Collaboration: Work closely with Engineering, Legal, and HR to document processes and evidence that satisfy security control requirements.
  • Risk Assessment: Identify and communicate security risks associated with third-party vendors and internal architectural changes.
  • Evidence Collection Automation: Drive initiatives to automate compliance evidence collection to reduce "audit fatigue" across the technical organization.