
IT Security and Compliance Analyst
Posted 16 hours ago
This is a fully remote position, open to applicants in Philippines.
• Oversee the prompt management of annual and on-demand customer security questionnaires, compliance surveys, and audit requests.
• Evaluate and finalize documentation provided by customers, which includes ISO 27001 and SOC 2 assessments, security contracts, and privacy inquiries from both potential and existing clients.
• Monitor and report compliance request metrics and statuses to senior management.
• Supervise the company’s websites and web applications for security threats, vulnerabilities, and suspicious activities, utilizing both automated security tools and manual evaluations.
• Conduct regular vulnerability scans, penetration tests, and patch level assessments to ensure compliance with internal and external security standards.
• Keep company security and privacy policies up to date, addressing new threats, regulatory changes, and audit findings.
• Ensure that websites and applications are adequately patched, configured, and tested to comply with ISO 27001, SOC 2 Type 2, and other relevant compliance audits.
• Act as the escalation point for emerging web-based security threats and coordinate prompt remediation actions.
• Collaborate with IT and development teams to create and enforce secure release management processes, ensuring that vulnerability management is an integral aspect of the software lifecycle.
• Regularly inform stakeholders about security trends, new risks, and necessary modifications to maintain compliance and business resilience.
• Maintain and refresh all compliance documentation, including policies, certifications, control inventories, process narratives, and audit evidence logs.
• Ensure that information within customer trust portals and knowledge bases is current and complies with regulatory standards.
• Collect, organize, and prepare responses and evidence for both internal and external audits.
• Lead readiness initiatives and coordinate annual ISO and SOC reviews with external auditors.
• Arrange internal control testing, evidence gathering, and risk assessments necessary to demonstrate ongoing compliance with ISO 27001, SOC 2, and privacy frameworks.
• Generate reports for management and stakeholders summarizing compliance trends, remediation efforts, and outstanding risks.
• Plan, develop, and conduct cybersecurity awareness training programs for employees.
• Execute simulated phishing tests and other assessments to evaluate employee security awareness, using results to identify training gaps and enhance program effectiveness.
• Document training participation, results, and ongoing training compliance for audit and regulatory purposes.
• Identify and implement continuous improvement opportunities in compliance and security request handling processes.
• Keep abreast of evolving regulatory and industry standards; recommend and facilitate changes to internal policies and controls.
• Bachelor’s degree in Information Security, Computer Science, Business, or a related field, or equivalent professional experience.
• At least 3 years of experience in IT security or privacy compliance, preferably in eCommerce or SaaS; hands-on experience with ISO 27001, SOC 2, or similar frameworks is essential.
• Strong knowledge of information security controls, risk management methodologies, and privacy principles.
• Proven capacity to organize and manage policies, evidence logs, and documentation for audit and customer response needs.
• Exceptional attention to detail and strong written/verbal communication skills; able to explain technical control requirements to non-technical audiences.
• Strong verbal and written English communication abilities.
• Willingness to work overnight/graveyard shifts aligned with Philippine time or within US operating hours.
• Familiarity with GRC, compliance automation, or Jira ticketing platforms is advantageous.
• Strong analytical skills to troubleshoot and resolve technical issues by examining system logs, error messages, and performance metrics.
• ISO 27001 Lead Implementer; SOC 2 audit certification is MANDATORY.
• Competitive salary packages.
• Permanent work-from-home arrangement.
• Provision of company equipment.
• Internet stipends upon regularization.
• HMO coverage.
• PTO credits and service incentive leaves.
• Major spring and winter company live events.
• Monthly virtual employee appreciation events.
• Company-sponsored career skills training courses.
• A corporate culture dedicated to your personal and professional development.