Information Security Compliance and Risk Specialist (QU-SCR-20250718)

Job Description

We are seeking an enthusiastic Information Security Compliance and Risk Analyst ready to join a talented, hard-working, and ambitious Infosec team.

What you’ll do here

  • As a key contributor to our security and compliance initiatives, you will apply a deep understanding of risk management principles and a strong command of global privacy regulations.

  • You’ll bring hands-on experience in designing, implementing, and auditing comprehensive compliance programs aligned with leading industry standards, including PCI DSS, SOC 2, ISO 27001/27002, and the NIST Cybersecurity Framework.

In this role, you will work cross-functionally with internal stakeholders to enhance the organization’s security posture, ensure adherence to data protection requirements, and drive ongoing improvements in response to evolving regulatory and industry demands.

Responsibilities

  • Support the development, implementation, and enforcement of information security policies, standards, procedures, and controls to meet legal, regulatory, and contractual obligations.
  • Assist in evaluating the organization’s existing IT architecture against applicable security frameworks (e.g., NIST CSF, NIST 800-53) to ensure compliance and identify areas for enhancement.
  • Oversee and support the implementation of compliance controls and operational processes aligned with recognized security frameworks and best practices.
  • Plan and execute regular internal audits to ensure ongoing compliance with key security standards such as PCI DSS, SOC 2, and ISO/IEC 27001.
  • Enhance and maintain a comprehensive Risk Management and Incident Response framework to ensure effective identification, mitigation, and response to security threats.
  • Conduct audits and assessments to validate adherence to data protection policies and ensure alignment with global privacy and data protection regulations.
  • Design and deliver privacy and security training programs, including awareness campaigns to foster a security-conscious culture across the organization.
  • Monitor regulatory developments and maintain compliance with evolving privacy laws, including but not limited to CCPA, GDPR, PIPEDA (Canada), and LFPDPPP (Mexico).

Experience We’re Looking For

  • Bachelor's degree in Information Security, Computer Science, or a related field.
  • Minimum of 3-5 years of experience in Information Security, with a focus on GRC, PCI DSS, SOC 2, ISO 27001, and privacy regulations.
  • Knowledge in privacy regulations and data protection laws in the USA (e.g., CCPA, Texas Act), Canada (e.g., PIPEDA), and Mexico (e.g., LFPDPPP).
  • Experience with risk management practices, security audits, and compliance frameworks, including but not limited to NIST, OWASP, SANS, ISO-27001/2, and Cloud Security Alliance.
  • Strong attention to detail and the ability to work independently.
  • Excellent problem-solving skills with a proactive attitude toward risk mitigation.
  • Strong ethical standards and commitment to data security and privacy.

Nice to have

  • General knowledge of cloud environments.
  • Experience working with Governance Risk and Compliance technologies.
  • Experience implementing Data Privacy Technologies.
  • Certifications such as CISA, ITIL Expert, Certified Governance Risk and Compliance (CGRC).