What you will be doing:

- Policy and Compliance:
  - Assist with internal and external audits (e.g., SOC 2, ISO 27001, HIPAA) by gathering evidence and preparing documentation.
  - Help maintain and update security policies, standards, and procedures to ensure they reflect current practices and compliance obligations.
  - Track compliance tasks using project management or GRC tools to support audit readiness and ensure timely completion of deliverables.
- Commercial Support:
  - Respond to customer security questionnaires and RFPs by collaborating with internal teams to gather accurate and timely responses.
  - Maintain a knowledge base of frequently asked questions and standard responses to improve turnaround time.
  - Support sales and customer success teams in navigating client security concerns and aligning them with internal controls.
- Procurement Support / Vendor Security Assessment:
  - Conduct preliminary security reviews of third-party vendors by evaluating questionnaires and supporting documentation (e.g., SOC reports, penetration tests).
  - Help maintain an inventory of vendors and associated risk ratings.
  - Work with procurement and legal teams to ensure vendors meet the organization’s security requirements.
- Governance Support:
  - Assist in the development, implementation, and maintenance of governance frameworks, including documentation and reporting.
  - Schedule and document governance meetings, including tracking of action items and decisions.
  - Coordinate with cross-functional teams to promote adherence to security and compliance practices.
- Risk Management:
  - Support periodic risk assessments by identifying potential threats, documenting risk findings, and proposing mitigation strategies.
  - Help manage the risk register and ensure appropriate follow-up actions are documented and tracked to completion.
  - Participate in incident reviews or retrospectives to identify lessons learned and preventive measures.
- Awareness & Training:
  - Contribute to the creation and delivery of security awareness materials, such as newsletters, presentations, and online modules.
  - Assist with onboarding processes to ensure new employees complete required security training.
  - Track completion of mandatory training and support efforts to improve security culture.
- Research & Continuous Learning:
  - reading blogs, reports, and news sources.
  - Research and recommend new tools, frameworks, or automation opportunities to improve the organization’s security and compliance posture.
  - Participate in training, webinars, or certifications to deepen understanding of relevant domains.

What you will bring:

- Bachelor’s degree in Information Security, Computer Science, Business, or related field, or equivalent experience.
- 1-2 years of experience as an information security or compliance analyst, preferably in a SaaS, audit/accounting firm.
- Experience in maintaining compliance frameworks, assisting with security reviews and audits, and supporting internal teams in navigating information security requirements.
- Foundational knowledge of cybersecurity or compliance frameworks (e.g., NIST CSF, ISO 27001, SOC 2).
- Awareness of cloud services (e.g., AWS, GCP, or Azure) and how they relate to security and compliance.
- Strong written and verbal communication skills.
- Interest in furthering a career in Information Security, including audits, vendor risk, cloud security, and GRC tooling.

Job Type
Hybrid role
Location
Toronto, ON
Date Posted
April 17, 2025
Caseware is seeking a Junior Information Security Analyst to support its information security and compliance initiatives. This entry-level role is ideal for candidates looking to grow their career in a collaborative environment.