Security & Compliance Analyst

Benefits:

401(k) 401(k) matching Bonus based on performance Company parties Competitive salary Dental insurance Health insurance Paid time off Vision insurance Overview We are hiring a Security & Compliance Analyst to support multiple client environments with a focus on security operations, compliance readiness, and risk management. This role is hands-on and execution-focused, working closely with client IT leadership and internal teams to ensure security controls are effective, documented, and consistently maintained. The Security & Compliance Analyst owns day-to-day security and compliance activities across clients, helping translate security findings into actionable remediation and keeping environments audit-ready without unnecessary complexity. Key Responsibilities Security Operations & Governance Lead recurring security posture reviews with client IT teams Review SOC findings, open risks, threat trends, and prioritized remediation actions Track security posture and risk over time, not just during audits Compliance & Documentation Serve as the primary resource for compliance-related activities across security platforms Maintain audit-ready documentation including policies, procedures, evidence, risk registers, and remediation logs Document security system configurations, changes, and control maturity Produce artifacts to support annual assessments and client audit requests Access Control & Identity Design, implement, and maintain role-based access control (RBAC) Enforce least-privilege access standards Manage and document access models and reporting visibility for stakeholders Reporting & Metrics Configure and maintain automated security and compliance reporting Deliver regular reports covering incidents, vulnerabilities, SLAs, and compliance status Clearly communicate security findings to both technical and non-technical audiences Vulnerability & Risk Management Review vulnerability scan results and security findings Partner with IT teams to prioritize remediation based on risk and business impact Track remediation progress and validate closure of findings Disaster Recovery & Business Continuity Support Disaster Recovery and Business Continuity planning activities Participate in tabletop exercises and incident simulations Document outcomes, gaps, and lessons learned Client & Internal Support Provide security and compliance support across multiple client environments Assist with security assessments, gap analyses, and remediation planning Help standardize security processes, documentation, and reporting across clients Serve as an internal subject-matter expert for security and compliance best practices Required Experience & Skills 3-5+ years of experience in IT security, compliance, risk management, or related roles Strong understanding of security operations, SOC workflows, and vulnerability management Experience supporting audits or compliance frameworks such as SOC 2, NIST, CIS, or ISO Proven ability to create and maintain clear, organized, audit-ready documentation Experience implementing RBAC and least-privilege access models Comfortable working across multiple environments with varying levels of security maturity Strong written and verbal communication skills Preferred (Not Required) Experience in a managed services or consulting environment Familiarity with MDR, SIEM, vulnerability scanning, and cloud security platforms Experience supporting tabletop exercises or incident response planning Security certifications such as Security+, CISSP, CISM, or similar What Success Looks Like Security risks are clearly documented, prioritized, and tracked to resolution Audits and assessments are predictable and well-supported Security documentation is current, accurate, and usable Clients understand their security posture and next steps Internal teams rely on you as a trusted security and compliance resource Work Style Organized, accountable, and comfortable owning outcomes Able to manage multiple priorities without losing attention to detail Practical, risk-focused, and business-aware Willing to raise concerns when something is insecure, undocumented, or unclear Flexible work from home options available.