Junior Compliance Analyst

Summary

Join Firmex as a Junior Compliance Analyst and contribute to our global software-as-a-service company's compliance, risk, and IT security programs. Reporting to the Risk & Compliance Manager, you will support internal compliance controls, collaborate with various departments, assist with client RFIs and risk assessments, support our vendor management program, and contribute to security awareness programs. You will also assist with internal and external audits. This role requires strong organizational skills, excellent communication, and experience with project management software. Knowledge of compliance standards like SOC 2, HIPAA, GDPR, and experience with audit programs are essential. Firmex fosters a diverse and inclusive work environment.

Requirements

• Strong organizational skills and ability to manage multiple projects simultaneously
• Excellent communication and project management skills, as well as an eagerness to learn
• Proven collaboration with cross-functional teams
• Experience with project management software such as JIRA/Atlassian/Service Desk
• Knowledge of Quality Management or Information Security Management Systems and standards such as SOC 2, ISO, HIPAA, GDPR, and FedRAMP for a SaaS organization
• Experience with internal and external audit programs

Responsibilities

• Support our internal compliance controls to ensure compliance with internal policies and external standards
• Collaborate with various departments (Infrastructure, Security, HR, Development, Support, General Corp) to align policies with current business practices
• Assist in responding to client RFI's and risk assessments (technical sections, security, privacy, encryption, vulnerability management, access controls)
• Support our vendor management program by helping with vendor security risk assessments
• Support security awareness programs, including delivering training, promoting security best practices and running educational campaigns
• Assist with external audits to ensure compliance and identify areas of improvement
• Support internal audits and risk assessments to maintain compliance and suggest improvements

Preferred Qualifications

• Familiarity with organizational controls and/or policies (SOPs)
• Exposure to IT systems, encryption, vulnerability management, monitoring, and SaaS applications in a public cloud environment such as AWS
• Experience or exposure to Agile software development methodologies