Security Compliance Analyst II
Phenom
Job Description
We're seeking a full-time, phenomenal Compliance Analyst to ensure Phenom's adherence to regulatory and industry information security and privacy standards. This role involves conducting audits, managing compliance initiatives, assessing risk, and collaborating with teams across the organization to enforce compliance policies and standards. The Security Compliance Analyst will be pivotal in maintaining certifications and ensuring Phenom remains compliant with frameworks such as ISO 27001 or SOC 2.
What You’ll Do
- Develop, implement, and maintain security policies, procedures, and controls to comply with regulatory and industry standards (e.g., SOC 2, ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOC2, and others).
- Manage compliance initiatives, ensuring timely updates and certifications for applicable frameworks.
- Coordinate internal and external audits, including collecting evidence, managing documentation, and responding to auditor inquiries.
- Perform internal compliance assessments to identify gaps and recommend remediation strategies.
- Conduct regular risk assessments to identify processes, systems, and technology vulnerabilities.
- Collaborate with stakeholders to develop and implement mitigation strategies.
- Monitor compliance with security policies and standards, ensuring adherence across departments.
- Work closely with the sales, legal, and technical teams to respond to customer security questionnaires, RFPs, and due diligence requests.
- To streamline responses, maintain a library of frequently requested documentation, such as certifications, policies, and security process descriptions.
- Ensure responses align with the organization's security posture, compliance frameworks, and contractual obligations.
- Create and present reports on compliance status, audit results, and risk management metrics to leadership.
- Develop and deliver compliance training programs to educate employees on regulatory requirements and best practices.
- Promote a culture of compliance and security awareness across the organization.
- Assess the compliance posture of vendors and third-party partners, ensuring contractual obligations align with security and privacy standards.
- Manage vendor risk assessments and ensure ongoing monitoring of third-party relationships.
- Draft, review, and update security and privacy policies in alignment with regulatory requirements.
- Stay updated on regulatory and industry standards changes, recommending adjustments to policies and procedures as needed.
Must Have
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent work experience.
- 4-6 years of experience in information security, compliance, or risk management roles.
Specialized Knowledge
- Knowledge of regulatory and industry frameworks such as ISO 27001, SOC 2, and NIST CSF.
- Familiarity with GRC (Governance, Risk, and Compliance) tools such as OneTrust or similar.
- Basic understanding of security technologies (e.g., firewalls, SIEM, encryption) and their role in compliance.
- Proficiency with documentation tools and audit management software.
- Relevant certifications, such as Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP), are highly desirable.
Work Experience
Benefits
We want you to be your best self and to pursue your passions!
- Health and wellness benefits/programs to support holistic employee health
- Flexible hours and working schedules, as well as parental leave for new parents
- Growing organization with career pathing and development opportunities
- Tons of perks and extras in every location for all Phenoms!
Diversity, Equity, & Inclusion
Our commitment to diversity runs deep! Diversity is essential to building phenomenal teams, products, and customer experiences. Phenom is proud to be an equal opportunity employer taking collective action to build a more inclusive environment where every candidate and employee feels welcomed.
We recognize there is more to be done. Our teams are committed to continuous improvement until these powerful ideas are ingrained in our culture for Phenom and employers everywhere!