

Job Summary:
The Information Security Compliance Analyst will support and execute our
compliance, risk, and assurance activities across ISO 27001, SOC 2, data privacy,
and third-party/vendor risk.
Key Responsibilities
1) Security Compliance (ISO 27001 / SOC 2)
Support the ongoing implementation and maintenance of the Information Security
Management System (ISMS) aligned with ISO 27001 (policies, procedures, risk
treatment plans, Statement of Applicability, evidence).
Coordinate compliance activities for SOC 2, including control mapping, evidence
collection, and periodic control checks.
Maintain compliance artifacts such as control narratives, process documentation,
evidence repositories, and compliance calendars.
2) Audit & Internal Assurance Support
Coordinate internal and external audit support activities: manage PBC requests,
schedule walkthroughs, compile evidence, and track open items.
Assist in documenting findings, validating remediation actions, and monitoring closure of
audit issues.
3) Privacy & Data Protection Support
Support privacy-related compliance requirements in partnership with stakeholders (e.g.,
data handling controls, access controls, retention, and documentation support for
DPIA/PIA where applicable).
Help respond to customer security/privacy questionnaires and due diligence requests.
4) Third-Party / Vendor Risk Management
Perform vendor risk assessments, review supporting documentation (SOC reports, ISO
certificates, PCI AoCs, security policies), and assign risk ratings.
Track vendor risks and ensure mitigation plans and follow-ups are documented and
completed.
5) Risk Management & Governance
Support periodic risk assessments, maintain risk registers, and contribute to compliance
and risk reporting/metrics.
Assist in maintaining governance documentation (policies, standards, exceptions,
training/awareness records) and promoting adherence to security controls.
Required Qualifications
5+ years of experience in information security compliance, IT GRC, IT risk, audit
support, or security assurance.
Practical exposure to at least two of the following: ISO 27001, SOC 2, privacy, vendor
risk.
Hands-on experience with audit evidence gathering, control documentation, and
coordinating with control owners.
Strong written communication and documentation skills.
Preferred Qualifications (Nice to Have)
Experience supporting ISO 27001 audits (internal/external) and maintaining ISMS
documentation.
Familiarity with GRC tooling or structured tracking (e.g., Vanta/Drata/Tugboat
Logic/ServiceNow GRC, Jira/Confluence/SharePoint).
ISO 27001 certification is required. CISA, CRISC, CISSP, and PCI-related certifications are
not required but are a plus.
Job ID: 141701699