Senior Security Compliance Analyst

Kahua, Alpharetta, GA
Hybrid

About The Position

The Senior Security Compliance Analyst is a highly experienced individual contributor responsible for supporting and advancing Kahua’s enterprise security compliance and risk initiatives. Reporting directly to the Chief Information Security Officer, this role plays a critical part in ensuring the company’s adherence to complex regulatory and customer requirements across frameworks such as FedRAMP, SOC 2 Type 2, ISO 27001, and other certifications or authorizations as needed. This individual will work closely with the Manager of Risk and Compliance to coordinate cross-functional compliance initiatives, ensure audit readiness, and assist with control implementation efforts. In addition to compliance program expertise, the ideal candidate brings architectural-level security insight, demonstrating a solid understanding of how controls apply across interconnected systems, applications, networking components, endpoints, and cloud services. This role requires strong technical acumen to quickly gain a deep understanding of Kahua’s infrastructure, platforms, and security posture in order to support audits and respond effectively to customer security assessments. It is a high-impact role for a security professional who thrives in a fast-paced, high-growth SaaS environment and can balance tactical execution with long-term strategic thinking. U.S. Citizenship is required for this position, and the candidate must be able to pass an initial employment and government background check to support HSPD-12 clearance eligibility.

Requirements

  • Bachelor’s degree in Information Security, Information Systems, Computer Science, or a related field (or equivalent practical experience).
  • 5+ years of experience in information security, risk management, or compliance roles, with direct responsibility for one or more major security frameworks (e.g., FedRAMP, SOC 2, ISO 27001, NIST 800-53).
  • Strong working knowledge of Microsoft cloud and enterprise technologies, including Microsoft 365, Entra ID, Teams, and Microsoft Defender.
  • Demonstrated ability to assess, design, and validate security controls in technical environments aligned to compliance frameworks.
  • Experience supporting compliance program operations in a SaaS or regulated cloud environment.
  • Exceptional written and verbal communication skills; capable of engaging technical and non-technical audiences effectively.
  • High level of accountability, self-direction, and ability to work both independently and collaboratively.
  • Strong organizational and documentation skills, with attention to precision and consistency.
  • Ability to manage multiple projects or tasks simultaneously and adapt to a dynamic environment.
  • Analytical mindset with a problem-solving approach and sound judgment.
  • Collaborative spirit with a willingness to support peers, mentor others, and contribute to a culture of continuous improvement.
  • Alignment with Kahua’s core values of Teamwork, Customer Focus, Continuous Improvement, Performance, and Work-life Balance.
  • U.S. Citizenship is required for this position, and the candidate must be able to pass an initial employment and government background check to support HSPD-12 clearance eligibility.

Nice To Haves

  • Security-related certifications preferred (e.g., CISSP, CISA, CISM, CCSP, or ISO Lead Auditor/Implementer).

Responsibilities

  • Drive and support ongoing security compliance activities across multiple frameworks, including FedRAMP, SOC 2 Type 2, ISO 27001, and additional certifications or attestations as required.
  • Manage audit preparedness, evidence collection, documentation accuracy, and control lifecycle activities across internal teams.
  • Translate regulatory and contractual requirements into technically sound, operationally feasible controls in coordination with technical stakeholders.
  • Work closely with Engineering, DevOps, IT, and Product teams to evaluate, enhance, and validate the technical implementation of security controls in platforms such as Microsoft 365, Entra ID, and Microsoft Defender.
  • Collaborate with the Manager of Risk and Compliance to track third-party risk management activities, coordinate internal risk assessments, and maintain continuous compliance operations.
  • Serve as a key resource in responding to customer security assessments and questionnaires, demonstrating deep understanding of Kahua’s infrastructure, control implementations, and technical security posture.
  • Analyze existing system architecture and operational processes to recommend improvements in security control design and implementation.
  • Assist in maintaining and improving Kahua’s Information Security Management System (ISMS), policy governance process, and risk register.
  • Support monthly compliance meetings, track program-level metrics, and contribute to long-term compliance strategy planning and reporting.