Senior InfoSec Compliance Analyst
The Senior InfoSec Compliance Analyst will play a pivotal role in ensuring that Onit adheres to industry standards and regulatory requirements. This position involves analyzing, implementing, and maintaining compliance protocols, collaborating with internal teams, and providing strategic insights to enhance our security posture.
Responsibilities:
- Lead the planning and execution of security audits (e.g., ISO 27001, SOC 2, PCI DSS, HIPAA, NIST, GDPR).
- Assess, implement, and maintain new compliance frameworks or controls, leading cross-functional projects for certifications or attestations (e.g., achieving new levels of SOC 2, ISO 27001, or industry-specific standards).
- Lead compliance-related projects, including process improvements, tool implementations (e.g., GRC platforms), and policy roll-outs.
- Oversee and coordinate penetration testing activities and manage third-party penetration testing vendors.
- Complete and manage responses to customer security and privacy questionnaires, providing evidence of controls to support sales.
- Perform risk assessments; document findings and collaborate with stakeholders to mitigate risks.
- Develop, review, and maintain security policies, procedures, and standards.
- Serve as the point of contact for compliance-related incidents and inquiries, conducting investigations and documenting findings.
- Support vendor management by performing third-party security assessments
- Mentor and coach junior analysts, promoting a team culture of knowledge-sharing and professional growth.
Qualifications/Skills
- Bachelor’s degree in Information Security, Computer Science, or a related field.
- Minimum of 6-8 years of experience in years of experience in information security compliance, risk management, or IT audit.
- Proven experience managing and implementing major compliance frameworks (e.g., ISO 27001, SOC 2, NIST, PCI DSS, HIPAA, GDPR, etc.).
- Hands-on experience with penetration testing oversight and third-party risk assessments.
- Track record of leading or participating in successful compliance audits, certifications, and attestation projects.
- Experience managing multiple compliance projects and initiatives simultaneously.
- Ability to lead cross-functional teams and work collaboratively across departments.
- Self-motivated and proactive, with strong organizational and time-management skills.
- Strong analytical, investigative, and problem-solving skills.
- Strong written and verbal communication skills.
- Audit experience working with Enterprise SaaS software is a plus.
- Auditing knowledge of AWS and cloud infrastructures a plus.
- Professional certifications such as CISA, CISSP, or similar strongly desired.
Similar Jobs
What We Do
Onit is a global leader of enterprise software and artificial intelligence platforms and products for legal, compliance, sales, IT, HR and finance departments. Our software transforms best practices into smarter workflows, better processes and operational efficiencies. With a focus on enterprise legal management, matter management, legal spend management, contract lifecycle management and legal holds, we operate worldwide and help global companies and billion-dollar legal departments bridge the gap between systems of record and systems of engagement. Onit is the only company in our space with two platforms: Our leading no-code business process automation platform, Apptitude, and our business intelligence platform, Precedent. Apptitude allows customers to create, modify and deploy new software products and custom workflows. Onit’s legal AI platform, Precedent, enables our software products to read, write, and reason like a lawyer. Combined, the two platforms enable customers to digitally transform legal operations by automating processes, reducing costs and maximizing productivity with industry-leading cloud-based software.
