Cybersecurity Analyst - Commercial Compliance

Responsibilities

• Provide direct support for external and internal audit efforts, focusing on frameworks such as SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, and ISO 42001.
• Execute and document procedures for continuous monitoring and evidence gathering; implement automated solutions, including AI, to reduce manual efforts.
• Review, edit, and update internal security policies, standards, and procedures to reflect current controls and compliance requirements.
• Assist in supply chain risk management by tracking vendor compliance, reviewing vendor security posture, and maintaining the vendor risk register.
• Participate in internal security audits and support business development with security questionnaires for RFPs.

Requirements

• 5+ years of experience in security, IT audit, GRC, or related technical field.
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience).
• Industry certifications such as CompTIA Security+; pursuing advanced like (ISC)² CISSP.
• Foundational understanding of regulatory environments and frameworks (ISO, SOC, HIPAA, SOX, NIST, FedRAMP, GovRAMP, DoD IL 5/6, PCI DSS).
• Foundational understanding of enterprise IT/OT/ICS environments, network protocols, OS, cloud platforms, and security technologies.
• Foundational understanding of AWS and GCP security concepts and services.
• Strong organizational skills, attention to detail, and documentation management.
• Excellent written communication for technical documents and policies.

Preferred Skills

• Experience supporting audits for listed frameworks.
• Familiarity with FedRAMP.
• Understanding of data encryption, logical access controls, boundary security.
• Linux experience.
• AWS/GCP compliance support.
• Global remote team experience.
• JIRA, Asana.
• Microsoft Office 365, Google Workspace.
• GRC platforms like Anecdotes, Drata.

Compensation

Pay range: $140,000 - $160,000 (excludes bonuses, stocks, benefits).