IT Security and Compliance Analyst


Delegate CX

11 - 50 employees

🤝 B2B

🎯 Recruiter

🏢 Enterprise

B2B • Recruitment • Enterprise

Delegate CX is a company that specializes in helping U.S. businesses scale their teams by providing highly-trained global talent. Through their proprietary 4D process and comprehensive training programs, they streamline the hiring and onboarding processes, making it easier and more cost-effective for companies to grow. Delegate CX emphasizes integrating their outsourced, full-time hires seamlessly into the client company’s teams, providing an additional layer of support for continued business growth.

📋 Description

• Manage timely handling of annual and ad-hoc customer security questionnaires, compliance surveys, and audit requests.
• Review and complete customer-provided documentation, including ISO 27001 and SOC 2 assessments, security contracts, and privacy inquiries from both prospective and existing clients.
• Track and report on compliance request metrics and statuses to leadership.
• Monitor company websites and web applications for security threats, vulnerabilities, and suspicious activity, using both automated security tools and manual assessments.
• Conduct routine vulnerability scans, penetration tests, and patch level assessments to ensure sites meet internal and external security standards.
• Maintain and regularly update company security and privacy policies to address evolving threats, regulatory requirements, and audit findings.
• Ensure websites and applications are properly patched, configured, and tested to pass ISO 27001, SOC 2 Type 2, and other relevant compliance audits.
• Serve as a point of escalation for emerging web-based security risks and coordinate timely remediation efforts.
• Collaborate with IT and development teams to design and enforce secure release management practices, ensuring vulnerability management is an integral part of the software lifecycle.
• Advise stakeholders regularly on security trends, new risks, and required changes to maintain compliance and business resilience.
• Maintain and update all compliance documentation, such as policies, certifications, control inventories, process narratives, and audit evidence logs.
• Ensure information within customer trust portals and knowledge bases is current and meets regulatory requirements.
• Gather, organize, and prepare responses and evidence for internal and external audits.
• Lead readiness activities and facilitate annual ISO and SOC reviews with external auditors.
• Coordinate internal control testing, evidence collection, and risk assessments needed to demonstrate ongoing compliance with ISO 27001, SOC 2, and privacy frameworks.
• Prepare reports for management and stakeholders summarizing compliance trends, remediation efforts, and open risks.
• Plan, develop, and deliver cybersecurity awareness training programs for employees.
• Conduct simulated phishing tests and other assessments to measure employee security awareness, using results to identify training gaps and improve program effectiveness.
• Document training participation, results, and ongoing training compliance for audit and regulatory review.
• Identify and implement continuous improvement opportunities in compliance and security request handling processes.
• Monitor evolving regulatory and industry requirements; recommend and support changes to internal policies and controls.

🎯 Requirements

• Bachelor’s degree in Information Security, Computer Science, Business, or relevant discipline, or equivalent work experience.
• Minimum 3 years’ experience in IT security or privacy compliance, ideally within eCommerce or SaaS; direct experience with ISO 27001, SOC 2, or similar frameworks required.
• Strong understanding of information security controls, risk management methodologies, and privacy principles.
• Proven ability to organize and maintain policies, evidence logs, and documentation for audit and customer response purposes.
• Excellent attention to detail and written/verbal communication skills; able to translate technical control requirements for non-technical audiences.
• Strong verbal, written, and English communication skills.
• Ability to work overnight/graveyard shifts in Philippine time or within US operating hours.
• Experience with GRC, compliance automation, or Jira ticketing platforms is a plus.
• Strong analytical skills for diagnosing and resolving technical issues by analyzing system logs, error messages, and performance metrics.
• ISO 27001 Lead Implementer; SOC 2 audit is REQUIRED

🏖️ Benefits

• Industry-leading salary packages
• Permanent work-from-home setup
• Company equipment provided
• Internet stipends upon regularization
• HMO Coverage
• PTO credits and service incentive leaves
• Major spring and winter company live events
• Monthly employee appreciation virtual events
• Company-provided career skills training courses
• A company culture focused on your personal and professional growth
