Senior Security Analyst - Compliance

VoltaGrid, Cypress, TX
82d

About The Position

The Senior Security Analyst - Compliance will ensure our organization's adherence to regulatory requirements, industry standards, and internal policies. The Senior Analyst will collaborate across IT, Security, Legal, Engineering, and Business units to monitor compliance posture, support audits, manage security assessments, and strengthen our risk and compliance framework.

Requirements

  • Bachelor's degree in Information Security, Computer Science, Risk Management, or related field (or equivalent work experience).
  • 5+ years of experience in information security, compliance, or risk management, with at least 2 years of experience in a senior or lead role.
  • Strong knowledge of regulatory frameworks such as SOC 2, ISO 27001, NIST CSF, GDPR, or CCPA.
  • Experience supporting audits, evidence gathering, and compliance assessments.
  • Familiarity with GRC (Governance, Risk, and Compliance) platforms (e.g., Drata, OneTrust, Archer, ServiceNow GRC).
  • Excellent written and verbal communication skills.

Nice To Haves

  • Relevant certifications such as CISA, CISSP, CISM, or CCSK.
  • Experience in cloud security compliance (AWS, Azure, GCP).
  • Knowledge of third-party/vendor risk management.

Responsibilities

  • Monitor, assess, and maintain compliance with frameworks such as SOC 2, NIST, and ISO 27001, as applicable.
  • Support certification, attestation, and regulatory audit activities.
  • Maintain evidence repositories and coordinate responses for internal and external audits.
  • Develop, maintain, and enforce security policies, standards, and procedures.
  • Educate employees on compliance requirements and best practices.
  • Ensure alignment of security operations with company policies and legal obligations.
  • Conduct security and compliance risk assessments across systems, vendors, and business processes.
  • Support regular vulnerability assessments and penetration testing to identify and address system weaknesses.
  • Monitor, prioritize, and manage risks from IT and Operational Technology (OT) environments.
  • Track remediation efforts and verify corrective actions are implemented.
  • Integrate vulnerability scanning tools for live risk scoring.
  • Maintain and manage a centralized risk register tied to controls, with real-time updates.
  • Support ongoing compliance training initiatives.
  • Communicate regulatory and policy updates to stakeholders.
  • Track compliance metrics and prepare regular reports for leadership, IT Security Council, and audit committees, as required.
  • Monitor security systems, including SIEM tools, EDR, DLP, IPS systems, and other security tools to identify and respond to potential threats in real time.
  • Support investigations of security incidents, perform root cause analysis, and coordinate remediation efforts to minimize impact.
  • Maintain and manage updates to policies (e.g. cybersecurity, incident response, disaster recovery) in a centralized, version-controlled repository.
  • Escalate non-compliance issues and propose remediation strategies.

What This Job Offers

Job Type

Full-time

Career Level

Senior

Industry

Professional, Scientific, and Technical Services

Education Level

Bachelor's degree

Number of Employees

101-250 employees

© 2024 Teal Labs, Inc