Information Security Compliance Analyst
Job Description
We're looking for an Information Security Compliance Analyst to join our Information Security GRC team. This role supports compliance programs across a global organization, spanning multiple regulatory frameworks, security certifications, and risk management initiatives. You'll also contribute to broader GRC efforts, including third-party risk management, risk profile reporting, policy governance, and security compliance.
Reporting to the Senior Information Security Compliance Lead, you'll work across IT, Finance, Legal, and Quality teams to ensure controls are operating effectively, audit evidence is delivered on time, and compliance obligations are met. This is a great fit for someone who thrives in a multi-framework environment and wants to grow across the full GRC spectrum.
Responsibilities
- Support the execution and maintenance of compliance programs across multiple frameworks, including SOX, ISO 27001, SOC 2, CMMC, NIST 800-171, Cyber Essentials, EU Regulations, and other compliance requirements.
- Coordinate evidence collection, control testing, and audit deliverables for both internal and external audits, ensuring timely, accurate, and audit-defensible responses.
- Work with control owners across IT, Finance, and business teams to ensure controls are performed on schedule and documentation meets quality standards.
- Contribute to the organization's risk profile, helping track, report, and improve security and compliance metrics.
- Support third-party risk management activities, including vendor security assessments and risk acceptance workflows.
- Assist in maintaining and operating the organization's GRC platform for controls management, risk assessments, and policy exceptions.
- Conduct periodic reviews of compliance controls, processes, and procedures to identify gaps and drive continuous improvement.
- Provide guidance and support to control owners on evidence requirements, control design, and audit readiness.
- Collaborate with cross-functional teams to ensure compliance programs are integrated and aligned with business objectives.
- Stay current on regulatory changes, industry standards, and evolving compliance requirements to keep programs effective.
Required
- 2+ years of experience in a compliance, GRC, or IT audit role.
- Working knowledge of SOX ITGC/ITAC controls and the audit lifecycle.
- Familiarity with at least two of the following: ISO 27001, SOC 2, NIST 800-171, CMMC, Cyber Essentials.
- Strong organizational skills, with the ability to manage multiple audit timelines, deliverables, and stakeholders simultaneously.
- Clear written and verbal communication skills; able to translate compliance requirements for technical and non-technical audiences.
- Self-starter with a continuous improvement mindset.
Preferred
- Experience with GRC platforms (e.g., LogicGate, ServiceNow GRC, AuditBoard, or similar).
- Exposure to cloud security compliance (AWS, Azure) or vulnerability management programs.
- Experience supporting external audits.
- Familiarity with third-party risk management processes.
- Relevant certifications (CISA, CRISC, ISO 27001 Lead Auditor, Security+, or similar) are a plus but not required.