Information Security Compliance Analyst

Fortive


Job Location:

Bengaluru - India

Monthly Salary: Not Disclosed
Posted on: 2 days ago
Vacancies: 1 Vacancy

Job Summary

Description

We're looking for an Information Security Compliance Analyst to join our Information Security GRC team. This role supports compliance programs across a global organization, spanning multiple regulatory frameworks, security certifications, and risk management initiatives. You'll also contribute to broader GRC efforts, including third-party risk management, risk profile reporting, policy governance, and security compliance.

Reporting to the Senior Information Security Compliance Lead, you'll work across IT, Finance, Legal, and Quality teams to ensure controls are operating effectively, audit evidence is delivered on time, and compliance obligations are met. This is a great fit for someone who thrives in a multi-framework environment and wants to grow across the full GRC spectrum.

Responsibilities
  • Support the execution and maintenance of compliance programs across multiple frameworks, including SOX, ISO 27001, SOC 2, CMMC, NIST 800-171, Cyber Essentials, EU Regulations, and other compliance requirements.
  • Coordinate evidence collection, control testing, and audit deliverables for both internal and external audits, ensuring timely, accurate, and audit-defensible responses.
  • Work with control owners across IT, Finance, and business teams to ensure controls are performed on schedule and documentation meets quality standards.
  • Contribute to the organization's risk profile, helping track, report, and improve security and compliance metrics.
  • Support third-party risk management activities including vendor security assessments and risk acceptance workflows.
  • Assist in maintaining and operating the organization's GRC platform for controls management, risk assessments, and policy exceptions.
  • Conduct periodic reviews of compliance controls, processes, and procedures to identify gaps and drive continuous improvement.
  • Provide guidance and support to control owners on evidence requirements, control design, and audit readiness.
  • Collaborate with cross-functional teams to ensure compliance programs are integrated and aligned with business objectives.
  • Stay current on regulatory changes, industry standards, and evolving compliance requirements to keep programs effective.
Qualifications

Required

  • 2 years of experience in a compliance, GRC, or IT audit role.
  • Working knowledge of SOX ITGC/ITAC controls and the audit lifecycle.
  • Familiarity with at least two of the following: ISO 27001, SOC 2, NIST 800-171, CMMC, Cyber Essentials.
  • Strong organizational skills; ability to manage multiple audit timelines, deliverables, and stakeholders simultaneously.
  • Clear written and verbal communication skills; able to translate compliance requirements for technical and non-technical audiences.
  • Self-starter with a continuous improvement mindset.

Preferred

  • Experience with GRC platforms (e.g., LogicGate, ServiceNow GRC, AuditBoard, or similar).
  • Exposure to cloud security compliance (AWS, Azure) or vulnerability management programs.
  • Experience supporting external audits.
  • Familiarity with third-party risk management processes.
  • Relevant certifications (CISA, CRISC, ISO 27001 Lead Auditor, Security, or similar) are a plus but not required.



Required Experience:

IC

About Company

Fortive Corporation Overview: Fortive’s essential technology makes the world stronger, safer, and smarter. We accelerate transformation across a broad range of applications including environmental, health and safety compliance, industrial condition monitoring, next-generation product d ...