Information Security Compliance Analyst
Department: Information Technology / Security
Reports To: IT Security Leadership
Location: Lindenwold, NJ
Employment Type: Full-Time
Position Overview
CobbleStone Software is seeking a highly organized, proactive, and detail-oriented Security Compliance Analyst to support and strengthen the organization’s cybersecurity, governance, risk, and compliance initiatives. This role plays a critical part in protecting CobbleStone’s systems, infrastructure, cloud environments, client data, and operational integrity while supporting compliance with frameworks such as NIST, SOC 2, FedRAMP, and related security standards.
The Security Compliance Analyst will collaborate closely with the Legal, Leadership, and all IT teams to monitor security posture and audit readiness, manage risk-related activities, coordinate compliance initiatives, and respond to operational security concerns. The position requires a blend of technical understanding, analytical thinking, documentation management, and communication skills.
Success in this role will be measured by the employee’s ability to:
· Maintain strong operational alignment with security and compliance frameworks including NIST, SOC 2, and FedRAMP.
· Ensure audit preparation activities, evidence collection, and compliance reporting are completed accurately and on schedule.
· Identify, escalate, and assist in mitigating cybersecurity risks and vulnerabilities in a timely manner.
· Improve and maintain vendor risk management and third-party security review processes.
· Support continuous monitoring activities and ensure critical alerts are triaged appropriately.
· Contribute to incident response preparedness, tabletop exercises, and business continuity planning.
· Maintain accurate security documentation, procedures, questionnaires, and internal records.
· Collaborate effectively across departments while maintaining professionalism and confidentiality.
· Drive organizational risk exposure reduction through proactive monitoring and operational support.
· Support the company’s long-term cybersecurity maturity goals and compliance initiatives.
Core Responsibilities
Security Compliance & Governance
· Assist with ongoing compliance initiatives involving NIST, SOC 2, FedRAMP, CIS Controls, and related frameworks.
· Collect, organize, validate, and maintain evidence required for audits, assessments, and security reviews.
· Conduct internal and external security audits, assessments, and compliance reviews.
· Maintain and improve security procedures, standards, and compliance documentation.
· Maintain Governance, Risk, and Compliance (GRC) platforms and related processes.
· Coordinate remediation activities for audit findings, vulnerabilities, and security gaps.
· Monitor and track compliance-related action items through completion.
Security Operations & Monitoring
· Monitor security alerts, logs, uptime systems, and external threat intelligence platforms.
· Review and triage alerts generated from SIEM, endpoint protection, and monitoring solutions.
· Escalate cybersecurity incidents and operational issues to appropriate internal teams.
· Own vulnerability management activities, including scan review, reporting, prioritization, and remediation coordination.
· Assist with endpoint, infrastructure, and cloud security monitoring activities.
· Participate in incident response support and documentation activities.
Risk Management
· Own vendor risk management initiatives by researching vendors for prior breaches, litigation concerns, and security posture.
· Conduct risk assessments for systems, vendors, applications, and operational processes.
· Identify operational, technical, and compliance risks affecting the organization.
· Assist with tracking remediation plans and risk mitigation efforts.
Documentation & Security Administration
· Maintain standard security questionnaire responses and customer security documentation.
· Respond to customer, prospect, and partner security inquiries.
· Coordinate annual tabletop exercises and business continuity testing activities.
· Schedule and support meetings related to compliance, audits, security initiatives, and incident response activities.
· Create and maintain clear technical, procedural, and compliance documentation.
Cross-Functional Collaboration
· Work closely with Network, Development, Product, and Leadership teams to improve security posture.
· Coordinate the implementation and validation of security controls across company systems and environments.
· Communicate security and compliance priorities clearly and professionally.
· Coordinate security awareness and operational best practices across departments.
General Responsibilities
· Adhere to all company policies, procedures, and security requirements.
· Participate in security incident escalation activities when required.
· Support critical security or compliance initiatives with time-sensitive deadlines.
· Maintain confidentiality of company, employee, customer, and vendor information.
· Support company initiatives related to operational excellence, customer satisfaction, and risk reduction.
· Complete assigned training and maintain awareness of emerging cybersecurity threats and compliance trends.
· Perform additional responsibilities as assigned by management.
Required Qualifications
· Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent practical experience.
· 2–5 years of experience in cybersecurity, IT compliance, information security, risk management, or related roles.
· Experience supporting security compliance initiatives such as SOC 2, NIST, ISO 27001, HIPAA, PCI-DSS, or FedRAMP.
· Familiarity with vulnerability management and security monitoring concepts.
· Experience conducting audits, evidence collection, and security documentation.
· Strong understanding of cybersecurity fundamentals including access control, endpoint security, vulnerability management, logging, and incident response.
· Experience working with security monitoring, endpoint protection, or compliance management tools.
· Strong written and verbal communication skills with excellent organizational abilities.
· Ability to manage multiple priorities and deadlines in a fast-paced environment.
· High attention to detail and ability to maintain confidentiality.
Preferred Experience
· Experience supporting FedRAMP, GovCloud, or federal compliance environments.
· Experience working in SaaS, cloud-hosted, or enterprise software organizations.
· Familiarity with cloud identity management, cloud security best practices, and secure configuration principles in GCP, Azure, and their government-specific environments (e.g., Azure Government, Google Cloud for government workloads).
· Experience with Governance, Risk, and Compliance (GRC) platforms.
· Security certifications such as Security+, CySA+, SSCP, CISA, CISSP, or equivalent.
· Experience with vendor risk management programs.
· Experience driving business continuity and disaster recovery initiatives.
· Exposure to SIEM analysis, threat detection, or vulnerability remediation workflows.
· Familiarity with scripting or automation tools such as PowerShell, Python, or API-based integrations is a plus.
· Knowledge of secure software development lifecycle (SDLC) concepts.
Core Competencies
· Analytical Thinking
· Risk Awareness & Security Mindset
· Attention to Detail
· Technical Curiosity
· Compliance & Documentation Management
· Incident Awareness & Escalation
· Communication & Collaboration
· Problem Solving
· Time Management & Organization
· Professionalism & Confidentiality
· Adaptability in Fast-Paced Environments
· Process Improvement Orientation
Why This Role Matters
CobbleStone Software continues to expand its cybersecurity maturity, cloud security posture, and compliance initiatives to support enterprise clients, government agencies, and highly regulated industries. The Security Compliance Analyst serves as a foundational role in maintaining trust, reducing risk exposure, supporting audit readiness, and strengthening operational resilience.
This position contributes directly to protecting customer data, supporting secure product operations, maintaining compliance commitments, and enabling the company’s long-term growth strategy. The role also supports CobbleStone’s continued advancement toward federal security and compliance standards including FedRAMP readiness.
Required Tools & Technology
The Security Compliance Analyst should have familiarity with or experience using:
Security & Monitoring Tools
· Qualys
· SIEM / Log Management Platforms
· Vulnerability Management Tools
· Endpoint Detection & Response (EDR) Solutions
· Multi-Factor Authentication (MFA) Platforms
Compliance & Governance Tools
· Governance, Risk, and Compliance (GRC) platforms
· Audit management systems
· Security documentation repositories
· Vendor risk management tools
General Technology Stack
· Microsoft 365
· Microsoft Excel and reporting tools
· Ticketing and task management systems
· Cloud platforms (GCP, Azure, or equivalent)
· Collaboration tools such as Teams
Miscellaneous:
Must have excellent English communication skills.
Must be able to legally work in the United States, must pass background, criminal, and drug testing.
To apply for this position please utilize the one click apply or reach out via phone at 1-856-784-1139 ext. 1141
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status
About CobbleStone:
Founded in 1995, CobbleStone is a leading contract lifecycle management software provider trusted by thousands of users every day. CobbleStone Software is a United States government contractor and a leader in procurement, legal, and risk management software. To learn more about what we do, visit us online at www.cobblestonesoftware.com.
Job Type: Full-time
Pay: $65,000.00 - $75,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Health insurance
- Paid time off
- Professional development assistance
- Referral program
- Vision insurance
Work Location: In person