IT Security Compliance Analyst

About Us

ShipERP, a leading multi-carrier shipping software provider, is dedicated to fostering digital supply chain transformation for companies, from privately held businesses to large, global enterprises. ShipERP's flagship product delivers multi-carrier rate shopping, tracking, and proof of delivery for streamlined business processes and a strong return on investment. With extensive supply chain expertise, ShipERP has helped clients streamline their business processes and eliminate inefficiencies. Our best-in-class services team are implementation experts with 15+ years of experience in logistics execution and transportation, with an emphasis in parcel shipping technology.

Position Overview:

We are seeking a detail-oriented and experienced Security Compliance Analyst to support and maintain our SOC 2 compliance program. This role is ideal for a mid-level professional who thrives in fast-paced or growing environments, has hands-on audit and evidence experience, and can work independently while collaborating cross-functionally. You will play a critical role in ensuring controls are properly designed, implemented, documented, tested, and continuously audit-ready. Your work will directly support the organization's security posture, risk management strategy, and regulatory obligations.

Responsibilities:

• Own the day-to-day execution of the SOC 2 compliance program, including readiness activities, ongoing control monitoring, and Type I and Type II audit cycles.
• Serve as a primary point of contact for SOC 2 audits by coordinating with internal teams and external auditors.
• Track all audit findings, observations, and remediation items through completion.
• Perform periodic testing of SOC 2 controls to ensure they are operating effectively.
• Collect, organize, validate, and maintain audit evidence across all Trust Services Criteria.
• Maintain and update SOC 2-aligned policies, procedures, standards, and documentation.
• Maintain mappings between SOC 2 Trust Services Criteria and internal systems and workflows.
• Support SOC 2-related risk assessments and remediation tracking.
• Collaborate cross-functionally with IT, R&D, HR, Finance, and Operations.
• Support third-party and vendor compliance evidence collection.
• Prepare compliance status reports and leadership updates.
• Identify opportunities to automate and improve compliance workflows.

Required Qualifications:

• Bachelor's Degree in Information Security, IT, Risk Management, or related field (or equivalent experience)
• 2–4 years of experience in security compliance, GRC, audit, or risk management
• Hands-on experience supporting SOC 2 Type I and/or Type II audits
• Strong understanding of SOC 2 Trust Services Criteria
• Experience managing audit evidence and documentation
• Strong organizational and communication skills
• Ability to work independently and manage multiple priorities

Preferred Qualifications:

• Experience working directly with external auditors
• Familiarity with compliance platforms (Tugboat Logic/OneTrust, Vanta, Drata)
• Relevant certifications (Security+, CISA, ISO 27001)

ShipERP is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or other protected category.