IT Security Compliance Analyst

Remote Full-time

About the position

Boomi is looking for a detail-oriented, technically savvy Security Compliance Analyst to join our Governance, Risk, and Compliance (GRC) team. In this role, you will manage the lifecycle of security audits, perform internal assessments, and ensure our cloud infrastructure remains compliant with international and regional frameworks. You will help translate complex regulatory requirements into actionable technical controls for our DevOps and Engineering teams.

Responsibilities
• Audit Management: Lead the preparation, execution, and remediation phases for global audits including SOC 1/SOC 2, ISO 27001/27701, and Cyber Essentials Plus.
• Public Sector Compliance: Maintain Boomi’s FedRAMP authorization status (Moderate/High) and support Australian government requirements via the IRAP framework.
• Continuous Monitoring: Perform regular internal gap analyses and "mock audits" to ensure controls are operating effectively throughout the year, not just during audit windows.
• Stakeholder Collaboration: Work closely with Engineering, Legal, and HR to document processes and evidence that satisfy security control requirements.
• Risk Assessment: Identify and communicate security risks associated with third-party vendors and internal architectural changes.
• Evidence Collection Automation: Drive initiatives to automate compliance evidence collection to reduce "audit fatigue" across the technical organization.

Requirements
• Experience: 4+ years in IT Audit, Information Security, or Compliance, specifically within a SaaS or Cloud Service Provider environment.
• Framework Expertise: Deep functional knowledge of SOC 2, ISO 27001, and NIST 800-53 (FedRAMP).
• Technical Literacy: Ability to understand cloud infrastructure concepts (AWS/Azure) and explain security controls related to IAM, encryption, and vulnerability management.
• Communication: Exceptional ability to translate "auditor-speak" into technical requirements for developers.

Nice-to-haves
• Certifications: CISA, CRISC, CISM, or CISSP
• Familiarity with international standards like IRAP or Cyber Essentials is highly preferred.
• Familiarity with the following services: KnowBe4, SafeBase, Ascend, and/or Jira
