Security Compliance Analyst

Blackpoint Cyber

About The Position

Blackpoint Cyber is the leading provider of world-class cybersecurity threat hunting, detection and remediation technology. Founded by former National Security Agency (NSA) cyber operations experts who applied their learnings to bring national security-grade technology solutions to commercial customers around the world, Blackpoint Cyber is in hyper-growth mode, fueled by a recent $190m series C round. We are looking for a motivated Security Compliance Analyst to help lead our evolving internal security compliance program. As a member of the Internal Security Team, you work closely with the Director of Internal Security Compliance on maintaining and continuously improving our compliance initiatives. This role requires deep knowledge of US and international security and privacy frameworks and regulations and a strong foundation in cyber security, and security compliance management. You’ll play a key role in building organizational resiliency by refining security policies, conducting internal audits, and helping to drive the resolution of compliance gaps.

Requirements

Bachelor’s degree (or equivalent experience) in IT, Information Security, Computer Science, Information Systems Management, Privacy, Law, Compliance, or related field.
Minimum 5 years of experience in privacy, security, or security compliance roles, including experience with internal audit.
Strong verbal and written communication, organizational, and documentation skills. Experience working with Atlassian Suite tools for collaboration and task management.
Deep knowledge of regulatory and compliance frameworks, including SOC2, ISO 27001, GDPR, NIS2, CMMC, FedRAMP, HIPAA, PCI DSS.
Strong analytical and problem-solving abilities with strong attention to detail.
Proven ability to work with multiple stakeholder groups, coordinating as needed, and supporting the integration of compliance into business processes.
Solid understanding of compliance risk, including implementing compensating controls and translating risk assessments for technical and non-technical audiences.
Experience working in remote or distributed environments.

Nice To Haves

Hands-on experience with framework and control mapping, compliance automation tools (One Trust Certification Automation, DRATA, and others), and third-party risk management (TPRM) tools.
Relevant professional certifications are preferred, such as CISA, CIPP/US, CIPP/E, CIPM, or CIPT

Responsibilities

Support the maintenance of a comprehensive security compliance program aligned with laws, regulations, and industry best practices. This includes framework and control mapping, refining policies, standards, and procedures, and continuous monitoring of control compliance.
Maintain and optimize key programs like Third Party Risk Management and Security Awareness Training.
Apply expertise in GDPR, HIPAA, PCI DSS, NIST 800-171/CMMC, ISO 27001, SOC2, and FedRAMP controls as well as U.S. state privacy regulations to ensure practices remain compliant and up to date.
Support internal audits, partnering with stakeholders to remediate findings.
Support external audits (e.g., SOC 2) through preparation and planning, monitoring and remediation coordination, documentation and follow-up tracking.
Bring a structured, methodical approach to assisting with cross-functional project implementation.
Stay current on emerging threats, regulations, and security best practices to strengthen compliance posture.