Compliance & Information Security Analyst

🕒 March 29

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

beqom

WebsiteLinkedInAll Job Openings

201 - 500 employees

☁️ SaaS

👥 HR Tech

🏢 Enterprise

SaaS • HR Tech • Enterprise

beqom is a comprehensive compensation management platform designed to bring clarity, equity, and motivation to the workforce. Since 2009, beqom has been pioneering compensation technology solutions for enterprises by integrating pay management, transparency, and equity into a seamless system. Its cutting-edge platform utilizes AI to optimize compensation processes, offering precision, scalability, and compliance for businesses across all industries. With a focus on ensuring fair employee compensation aligned with performance, beqom supports organizations in managing total compensation costs effectively while maintaining global compliance standards.

📋 Description

• Receive, triage, and complete inbound GRC / security questionnaires submitted by existing and prospective clients as part of their vendor assessment and TPRM processes. • Develop and maintain a master response library to accelerate questionnaire completion, covering areas such as data security, access controls, business continuity, incident response, and privacy. • Coordinate with internal stakeholders (Engineering, Product, Operations, Legal) to gather accurate, up-to-date technical evidence and supporting documentation. • Track questionnaire status, deadlines, and outcomes; maintain a central log and escalate blockers in a timely manner. • Build relationships with client procurement, risk, and security contacts to manage ongoing TPRM obligations efficiently. • Manage questionnaires that require formal documentary evidence — such as policies, audit reports (e.g. SOC 2, ISO 27001), penetration test summaries, data processing agreements, and certifications. • Maintain a structured evidence repository, ensuring documents are current, version-controlled, and accessible for rapid submission. • Identify gaps between client evidence requirements and the company's current documentation; work with the Head of Information Security and Compliance or relevant leads to close those gaps. • Review information security, data protection, and compliance clauses within Master Service Agreements (MSAs) and other commercial contracts from clients and prospects. • Identify obligations and requirements (e.g. audit rights, subprocessor notifications, breach notification timescales, data residency, encryption standards) and assess the company's ability to comply. • Liaise with Legal counsel and the Head of Information Security and Compliance to flag materially onerous or non-standard terms; assist in drafting redlines and proposed alternative language where appropriate. • Maintain a tracker of contractual information security obligations to ensure ongoing compliance post-signature. • Design and operate a structured TPRM programme for the company's own vendors and sub-contractors who process client data or have access to company systems. • Conduct initial and periodic risk assessments of vendors, including completion of security questionnaires, review of their compliance certifications, and assessment of contractual controls. • Categorise vendors by risk tier and ensure appropriate due diligence is applied proportionate to the nature and sensitivity of the relationship. • Maintain a vendor risk register, tracking assessment outcomes, remediation actions, and review schedules. • Report on vendor risk posture to relevant internal stakeholders on a regular cadence.

🎯 Requirements

• Proven experience in a compliance, information security, GRC, or vendor risk management role, ideally within a SaaS, technology, or regulated industry context. • Demonstrable experience completing complex security and GRC questionnaires (e.g. SIG, CAIQ, bespoke client questionnaires) and compiling supporting evidence packs. • Familiarity with common information security frameworks and standards: ISO/IEC 27001, SOC 2, NIST CSF, CIS Controls, GDPR / data protection legislation. • Experience reviewing and interpreting information security provisions in commercial contracts (MSAs, DPAs, SaaS agreements). • Strong organisational skills — able to manage multiple concurrent questionnaires and workstreams, prioritise effectively, and meet deadlines. • Excellent written and verbal communication skills, with the ability to translate technical security concepts for non-technical audiences (legal, sales, procurement). • Proficiency in maintaining documentation, trackers, and evidence repositories; high attention to detail and accuracy. • Bonus points if you have: Relevant certification such as CISA, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor, CIPP/E, or equivalent. • Experience working with or within enterprise clients in regulated sectors such as financial services, healthcare, or energy. • Familiarity with data residency requirements and cross-border data transfer mechanisms (SCCs, BCRs). • Experience using GRC platforms or questionnaire automation tools (e.g. OneTrust, Vanta, SecurityScorecard). • Understanding of SaaS product architectures and cloud environments (AWS, Azure) from a security and compliance perspective. • Experience managing sub-processor registers and responding to data subject rights requests.

🏖️ Benefits

• Drive meaningful change • Build a fairer future for every employee by joining a market leader that is improving the world of work. • Collaborate with a passionate, diverse and talented team around the globe.