The Security & Compliance Analyst, reporting to the Senior Information Security Manager, is responsible for managing and overseeing the purchasing of IT equipment, software, and services while ensuring that all procurement activities align with security and compliance standards, including SOC 2. This role involves evaluating and mitigating risks, building strong vendor relationships, and ensuring the organization adheres to relevant regulatory requirements, and assisting with the overall security & compliance environment of the organization.

• Oversee the purchasing of IT equipment, software, and services. • Ensure procurement activities align with security and compliance standards, including SOC 2.
• Research and identify potential vendors and suppliers.
• Maintain supplier contracts and place orders according to company needs.
• Build vendor relationships, negotiate purchasing agreements, and create purchase orders.
• Control the procurement budget and promote cost savings.
• Prepare procurement reports and conduct cost analyses to set benchmarks for improvement.
• Develop risk management procedures to mitigate losses in the event of product shortages.
• Conduct thorough security and compliance assessments of potential vendors before procurement decisions.
• Monitor the organization’s overall security posture.
• Conduct regular security assessments to ensure compliance with industry standards, including SOC 2.
• Perform internal audits to ensure that processes comply with relevant regulations such as GDPR, ISO 27001, and SOC 2.
• Collaborate with external auditors during compliance reviews.
• Assist in developing and implementing incident response plans for security breaches.
• Lead or participate in incident investigations.
• Develop and enforce security and compliance policies.
• Provide support in preparing for and maintaining SOC 2 compliance.
• Collaborate with teams to ensure practices meet SOC 2 requirements.
• Continuously review and enhance the organization’s strategies to align with security and compliance objectives, including SOC 2.

Skills and Qualifications

• Bachelor’s degree in Business Administration, Information Security, or a risk-related field.
• 3+ years of experience in security and compliance roles, preferably within IT procurement or vendor management.
• Familiarity with procurement processes, including contract negotiation and vendor relationship management.
• Experience with vendor risk assessments and management.
• Strong knowledge of security standards and frameworks such as SOC 2, ISO 27001, and GDPR.
• Proficiency in conducting security audits and assessments.
• Experience with incident response and security investigations.
• Willing to work on a graveyard shift (M-F, 12:00 am- 09:00 am).

Don't let this career opportunity slip by! Apply now and be a part of our team!

Interested candidates may send their resumes to [email protected]

Please refer to job description.