Onit

Senior InfoSec Compliance Analyst

Security and Compliance - Pune, Maharashtra, India - Full Time

The Senior InfoSec Compliance Analyst will play a pivotal role in ensuring that Onit adheres to industry standards and regulatory requirements. This position involves analyzing, implementing, and maintaining compliance protocols, collaborating with internal teams, and providing strategic insights to enhance our security posture.

Responsibilities: 

  • Lead the planning and execution of security audits (e.g., ISO 27001, SOC 2, PCI DSS, HIPAA, NIST, GDPR).
  • Assess, implement, and maintain new compliance frameworks or controls, leading cross-functional projects for certifications or attestations (e.g., achieving new levels of SOC 2, ISO 27001, or industry-specific standards).
  • Lead compliance-related projects, including process improvements, tool implementations (e.g., GRC platforms), and policy roll-outs.
  • Oversee and coordinate penetration testing activities and manage third-party penetration testing vendors.
  • Complete and manage responses to customer security and privacy questionnaires, providing evidence of controls to support sales.
  • Perform risk assessments; document findings and collaborate with stakeholders to mitigate risks.
  • Develop, review, and maintain security policies, procedures, and standards.
  • Serve as the point of contact for compliance-related incidents and inquiries, conducting investigations and documenting findings.
  • Support vendor management by performing third-party security assessments.
  • Mentor and coach junior analysts, promoting a team culture of knowledge-sharing and professional growth.
 

Qualifications/Skills

  • Bachelor’s degree in Information Security, Computer Science, or a related field.
  • Minimum of 6-8 years of experience in information security compliance, risk management, or IT audit.
  • Proven experience managing and implementing major compliance frameworks (e.g., ISO 27001, SOC 2, NIST, PCI DSS, HIPAA, GDPR, etc.).
  • Hands-on experience with penetration testing oversight and third-party risk assessments.
  • Track record of leading or participating in successful compliance audits, certifications, and attestation projects.
  • Experience managing multiple compliance projects and initiatives simultaneously.
  • Ability to lead cross-functional teams and work collaboratively across departments.
  • Self-motivated and proactive, with strong organizational and time-management skills.
  • Strong analytical, investigative, and problem-solving skills.
  • Strong written and verbal communication skills.
  • Audit experience working with Enterprise SaaS software is a plus.
  • Auditing knowledge of AWS and cloud infrastructures is a plus.
  • Professional certifications such as CISA, CISSP, or similar strongly desired.