Job Description

The Role 

We are seeking a Senior Security Analyst to strengthen our information security and compliance posture as we scale. This role will help design, implement, and monitor security controls, ensuring alignment with regulatory and customer requirements such as SOC 2 and ISO 27001.

You will partner cross-functionally with IT, Legal, and Engineering to maintain compliance, mitigate risk, and foster a culture of security throughout the organization. The ideal candidate is highly collaborative, detail-oriented, and passionate about improving security in a practical, business-aware way.

• Support the design, implementation, and ongoing operation of the company’s information security program, aligned with SOC 2, ISO 27001, and other frameworks as applicable
• Operate and maintain GRC tools (Vanta) to track controls, automate evidence collection, and support audits
• Coordinate and respond to customer security questionnaires and due diligence requests in a timely, accurate manner
• Maintain and update the company’s Trust Center and other externally-facing security and compliance materials
• Conduct and document risk assessments, control testing, and evidence collection to support audits and internal reviews
• Monitor security tools and dashboards for alerts and suspicious activity; escalate and assist in investigations as needed
• Help draft, maintain, and enforce security policies, standards, and procedures
• Perform vendor risk assessments and track remediation activities with third parties
• Collaborate with IT to improve endpoint, cloud, and identity security controls
• Conduct periodic access reviews and support IAM governance
• Assist with security awareness training campaigns and phishing simulations
• Contribute to security incident response plans and participate in tabletop exercises
• Drive continuous improvement of security and compliance processes

• 4–7 years of experience in information security, risk, or compliance roles, with exposure to security operations and/or GRC
• Strong working knowledge of security principles, risk management, and compliance frameworks (e.g., SOC 2, ISO 27001, NIST CSF)
• Hands-on experience with GRC tools (Vanta or similar) to support audits, evidence collection, and control tracking
• Experience responding to customer security questionnaires and maintaining public-facing security materials (e.g., Trust Center)
• Experience supporting external audits and maintaining evidence repositories
• Familiarity with cloud environments (e.g., AWS, GCP) and SaaS security considerations
• Understanding of identity and access management (IAM) principles and best practices
• Excellent organizational and documentation skills, with strong attention to detail
• Strong written and verbal communication skills, able to convey security concepts to non-technical stakeholders
• Experience with third-party risk management and vendor assessments
• Proven ability to work effectively across teams in a collaborative, fast-paced environment
• Hands-on experience with security tools such as SIEM, CSPM, EDR, and vulnerability scanners

Job Tags

Similar Jobs