Home-Based IT Security and Compliance Analyst

Responsibilities

• Compliance Request Management
• Manage timely handling of annual and ad-hoc customer security questionnaires,
• compliance surveys, and audit requests.
• Review and complete customer-provided documentation, including ISO 27001 and SOC 2
• assessments, security contracts, and privacy inquiries from both prospective and existing
• clients.
• Track and report on compliance request metrics and statuses to leadership.
• Security & Technology Monitoring:
• Monitor company websites and web applications for security threats, vulnerabilities, and suspicious activity, using both automated security tools and manual assessments.
• Conduct routine vulnerability scans, penetration tests, and patch level assessments to ensure sites meet internal and external security standards.
• Maintain and regularly update company security and privacy policies to address evolving threats, regulatory requirements, and audit findings.
• Ensure websites and applications are properly patched, configured, and tested to pass ISO 27001, SOC 2 Type 2, and other relevant compliance audits.
• Serve as a point of escalation for emerging web-based security risks and coordinate timely remediation efforts.
• Collaborate with IT and development teams to design and enforce secure release management practices, ensuring vulnerability management is an integral part of the software lifecycle.
• Advise stakeholders regularly on security trends, new risks, and required changes to maintain compliance and business resilience.
• Program Administration & Documentation:
• Maintain and update all compliance documentation, such as policies, certifications, control inventories, process narratives, and audit evidence logs
• Ensure information within customer trust portals and knowledge bases is current and meets regulatory requirements
• Gather, organize, and prepare responses and evidence for internal and external audits
• Lead readiness activities and facilitate annual ISO and SOC reviews with external auditors
• Control Monitoring & Reporting
• Coordinate internal control testing, evidence collection, and risk assessments needed to demonstrate ongoing compliance with ISO 27001, SOC 2, and privacy frameworks
• Prepare reports for management and stakeholders summarizing compliance trends, remediation efforts, and open risks
• Training, Process Improvement & Regulatory Awareness:
• Plan, develop, and deliver cybersecurity awareness training programs for employees- including mandatory onboarding modules, annual refresher courses, and targeted materials for specific roles and locations.
• Conduct simulated phishing tests and other assessments to measure employee security awareness, using results to identify training gaps and improve program effectiveness.
• Document training participation, results, and ongoing training compliance for audit and regulatory review.
• Prepare reports for management and stakeholders summarizing compliance trends, remediation efforts, open risks, and training status
• Identify and implement continuous improvement opportunities in compliance and security request handling processes
• Monitor evolving regulatory and industry requirements; recommend and support changes to internal policies and controls
• WHAT WE LOOK FOR
• Education: Bachelor's degree in information security, Computer Science, Business, or relevant discipline, or equivalent work experience.
• Experience: Compliance Experience: Minimum 3 years' exper

Additional Information

It's fun to work in a company where people truly BELIEVE in what they're doing! We're committed to bringing passion and customer focus to the business. The Client Services Home-Based IT Security & Compliance Analyst is responsible for managing security, privacy, and compliance requests from customers and prospects while supporting the company's information security and regulatory compliance programs. This role works closely with IT, Legal, Sales, and Operations teams to ensure audits, due diligence activities, and compliance requirements are completed accurately and efficiently. The position also supports adherence to security frameworks such as ISO 27001, SOC 2 Type 2, and other industry standards relevant to the eCommerce business. REQUIRED CORE COMPETENCIES Stakeholder Communication - Effectively communicates security, compliance, and risk-related information to customers, auditors, leadership, and non-technical stakeholders. Attention to Detail - Maintains accuracy when reviewing security questionnaires, audit evidence, policies, compliance documentation, and regulatory requirements. Organization & Time Management - Manages multiple compliance requests, audits, reporting deadlines, and remediation activities while ensuring timely completion. Problem-Solving & Critical Thinking - Analyzes security and compliance issues, identifies root causes, assesses risks, and recommends practical solutions. Collaboration & Relationship Building - Works closely with IT, Legal, Sales, Operations, and external auditors to drive compliance initiatives and achieve security objectives.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at delegatecx? Share your experience