Security Analyst – Compliance and Audit

Simeio

Job Location: Bangalore - India

Monthly Salary: Not Disclosed
Posted on: 6 hours ago
Vacancies: 1 Vacancy

Job Summary

Overview

The Security Analyst, Compliance and Audit, is responsible for supporting and maintaining the organization's compliance posture across key security and privacy frameworks, including ISO/IEC 27001, ISO/IEC 27018, ISO/IEC 27701, CSA STAR, and SOC 2. This role plays a critical part in managing the audit lifecycle, coordinating compliance activities, and ensuring consistent implementation of controls across the Information Security Management System (ISMS).

The position includes ownership of the Business Continuity Management (BCM) and ongoing compliance monitoring across all ISMS domains. The analyst applies technical knowledge of operating systems, cloud platforms, cloud-native architectures, and secure software development practices to assess control effectiveness and support compliance requirements throughout the Software Development Lifecycle (SDLC).

In addition, the role supports cyber maturity assessments and continuous improvement initiatives aimed at evaluating, strengthening, and advancing the organization's overall security and compliance posture.

Key Responsibilities

  • Audit Management
    Lead the technical preparation and execution of ISO/IEC 27001, ISO/IEC 27018, ISO/IEC 27701, CSA STAR, and SOC 2 audits, ensuring audit documentation, including IRLs and evidence, is complete, accurate, and aligned with audit requirements.

  • Business Continuity Management (BCM)
    Execute the annual Business Continuity Management lifecycle, including conducting Business Impact Analyses (BIA) and guiding teams to develop, maintain, and test appropriate Business Continuity and Disaster Recovery plans in alignment with ISO 22301.

  • Privacy Information Management (ISO/IEC 27701 PIMS)
    Maintain and operate the Privacy Information Management System (PIMS), including data minimization practices, Privacy by Design and Privacy Impact Assessments (DPIAs), maintenance of personal data inventories and data flows, definition of lawful basis and data retention requirements, oversight of third-party processors, and support for data subject rights (DSARs) and privacy incident handling.

  • External Audit Coordination
    Provide technical expertise and support during external audits, including evidence presentation, walkthroughs, and clarification of technical and operational controls.

  • Control Monitoring and Continuous Improvement
    Support the monitoring, assessment, and continuous improvement of security and compliance controls across the ISMS, including Business Continuity Management, user access reviews, incident management and privacy compliance validation, and control assessments within cloud environments.

  • Policy Management
    Contribute to the review, update, and maintenance of security policies, standards, and procedures to ensure alignment with regulatory requirements, industry best practices, and audit expectations.

  • Documentation and Reporting
    Maintain accurate and up-to-date documentation for compliance activities, audit findings, risk treatment actions, control implementations, and policy updates. Produce reporting artifacts required for internal governance and external audits.

Key Skills

  • Strong knowledge of security, privacy, and compliance frameworks, including ISO/IEC 27000, ISO/IEC 27001, ISO/IEC 27018, ISO/IEC 27701, ISO 22301, CSA STAR, and SOC 2.

  • Hands-on experience executing internal audits and supporting external audits, including information request list (IRL) development, coordinating audit activities, preparing technical evidence, and responding to auditor inquiries.

  • Comprehensive understanding of Information Security Management System (ISMS) domains, including Business Continuity Management (BCM), privacy, incident management, risk management, user access reviews, vendor and third-party management, cloud security, and Secure SDLC practices.

  • Policy development and governance experience drafting, reviewing, updating, and aligning security policies, standards, and procedures to regulatory and compliance requirements.

  • Effective communication skills, with the ability to clearly explain complex technical concepts, security controls, and audit findings to both technical and non-technical stakeholders.

  • Technical proficiency across infrastructure and cloud platforms, including operating systems (Windows and Linux), cloud environments (AWS, Microsoft Azure, and Oracle Cloud), and cloud-native applications.

Why Simeio: Simeio is a global managed services provider offering Identity and Access Management solutions delivered as a service and interoperable with leading IAM tools. With 700 employees worldwide, Simeio secures over 160 million identities globally for large enterprises and government entities.

Services and solutions from Simeio include Customer Identity & Access Management, Privileged Access Management, Identity Proofing, Access Management & Federation, Identity Governance & Administration, Application Onboarding, and Simeio Identity Orchestrator. The company has been recognized for its business and technical leadership, is highly rated by Gartner, Forrester, and KuppingerCole, and was ranked by Great Places to Work. For more information visit

Simeio is an equal opportunity employer. If you require assistance with completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to any of the recruitment team at or 1 .


Required Experience:

Manager

About Company

Managed IAM services that execute and optimize your entire Identity and Access Management (IAM) program to achieve desired results.