Overview
We are hiring a Security & Compliance Analyst to support multiple client environments with a focus on security operations, compliance readiness, and risk management. This role is hands-on and execution-focused, working closely with client IT leadership and internal teams to ensure security controls are effective, documented, and consistently maintained.
The Security & Compliance Analyst owns day-to-day security and compliance activities across clients, helping translate security findings into actionable remediation and keeping environments audit-ready without unnecessary complexity.
Key Responsibilities
Security Operations & Governance
Lead recurring security posture reviews with client IT teams
-
Review SOC findings, open risks, threat trends, and prioritized remediation actions
-
Track security posture and risk over time, not just during audits
-
Compliance & Documentation
Serve as the primary resource for compliance-related activities across security platforms
-
Maintain audit-ready documentation including policies, procedures, evidence, risk registers, and remediation logs
-
Document security system configurations, changes, and control maturity
-
Produce artifacts to support annual assessments and client audit requests
-
Access Control & Identity
Design, implement, and maintain role-based access control (RBAC)
-
Enforce least-privilege access standards
-
Manage and document access models and reporting visibility for stakeholders
-
Reporting & Metrics
Configure and maintain automated security and compliance reporting
-
Deliver regular reports covering incidents, vulnerabilities, SLAs, and compliance status
-
Clearly communicate security findings to both technical and non-technical audiences
-
Vulnerability & Risk Management
Review vulnerability scan results and security findings
-
Partner with IT teams to prioritize remediation based on risk and business impact
-
Track remediation progress and validate closure of findings
-
Disaster Recovery & Business Continuity
Support Disaster Recovery and Business Continuity planning activities
-
Participate in tabletop exercises and incident simulations
-
Document outcomes, gaps, and lessons learned
-
Client & Internal Support
Provide security and compliance support across multiple client environments
-
Assist with security assessments, gap analyses, and remediation planning
-
Help standardize security processes, documentation, and reporting across clients
-
Serve as an internal subject-matter expert for security and compliance best practices
-
Required Experience & Skills
3–5+ years of experience in IT security, compliance, risk management, or related roles
-
Strong understanding of security operations, SOC workflows, and vulnerability management
-
Experience supporting audits or compliance frameworks such as SOC 2, NIST, CIS, or ISO
-
Proven ability to create and maintain clear, organized, audit-ready documentation
-
Experience implementing RBAC and least-privilege access models
-
Comfortable working across multiple environments with varying levels of security maturity
-
Strong written and verbal communication skills
-
Preferred (Not Required)
Experience in a managed services or consulting environment
-
Familiarity with MDR, SIEM, vulnerability scanning, and cloud security platforms
-
Experience supporting tabletop exercises or incident response planning
-
Security certifications such as Security+, CISSP, CISM, or similar
-
What Success Looks Like
Security risks are clearly documented, prioritized, and tracked to resolution
-
Audits and assessments are predictable and well-supported
-
Security documentation is current, accurate, and usable
-
Clients understand their security posture and next steps
-
Internal teams rely on you as a trusted security and compliance resource
-
Work Style
Organized, accountable, and comfortable owning outcomes
-
Able to manage multiple priorities without losing attention to detail
-
Practical, risk-focused, and business-aware
-
Willing to raise concerns when something is insecure, undocumented, or unclear
-
Flexible work from home options available.