Lead Security Compliance Analyst

The Lead Security Compliance Analyst will oversee the planning, execution, and management of SOC 1 and SOC 2 audits, ensuring compliance with industry standards and regulatory requirements. This role will coordinate with internal teams and external auditors, maintain audit readiness, and drive remediation efforts to strengthen the organization’s control environment.

 

20% - Leadership

·         Create a team environment where staff members work together for the good of the team

·         Collaborate with Security Manager to propose and implement improvements

·         Promote new ideas and process improvements from staff; document and present to management

·         Work closely with other Leads to ensure all groups are working under the same guidelines

·         Provide feedback and participate in performance reviews with Manager

·         Address concerns from staff members engaging other Leads or Managers

·         Assist Manager on department strategy, roadmap and operational plan

·         Coach and direct Security Administrators, Sr. Security Administrators, Security Analysts and Sr. Security Analysts

60% - Managing workflow

·         Lead SOX IT Compliance: Oversee all SOX IT compliance efforts, ensuring controls are designed, implemented, and tested effectively to comply with regulatory standards.

·         SOC Reporting: Coordinate SOC 1, SOC 2, and other required SOC reporting, ensuring audits are completed timely and accurately, with findings remediated as necessary

·         Evidence Management: Coordinate with various internal departments to gather SOX It and SOC documentation and evidence.

·         Control Documentation and Testing: Develop, update, and maintain control documentation for SOX IT and SOC, including risk assessments, process narratives, and control matrices. Support the preparation, review, and validation of control testing, track audit findings, and drive remediation plans to completion.

·         Collaborate with Internal & External Auditors: Work closely with internal and external auditors to facilitate SOX and SOC audits, ensure audit readiness, address issues, and develop remediation plans.

·         Project Management: Oversee complex SOX IT projects, ensuring compliance with IT security policies and standards while coordinating timelines, resources, and deliverables.

·         Regulatory Compliance Oversight: Monitor and manage IT security compliance requirements, remaining current on regulatory changes affecting SOX and SOC reporting.

·         Continuous Improvement: Identify and implement continuous improvements for SOX IT and SOC processes, focusing on reducing compliance costs, improving control environments, and optimizing testing procedures.

30% - Administrative

• Frequent meetings with team members

• Conduct weekly status meeting with Manager

• Provide feedback on performance plans

• Ensure metrics are monitored, updated and reported to Manager

• Assume accountability for directing others toward appropriate learning opportunities in both technical and related competency areas

Coach, direct and mentor others including but not limited to:

• Security Administrators

• Sr. Security Administrators

• Security Analysts

• Sr. Security Analysts

Requirements

Education:

Bachelor’s degree in Information Systems, Business Management, Computer  Science, Engineering, Accounting, Finance, Audit or related discipline; or equivalent experience.

• Professional certification(s) (CISA, Security+, MCSE, CNA/CNE, CISSP) an asset.

Previous experience:

• 7+ years working in a security and compliance related operational environment with a strong focus on SOX IT compliance and SOC reporting.

• Experience as a Sr. Security Analyst and Sr. Security Engineer; or equivalent

Knowledge and skills:

• Work independently, demonstrate initiative, adapt to change, engage in collaborative thinking, and maintain attention to detail, evaluate risks, impacts and controls and promote a positive work environment.
• Deep knowledge of SOX IT compliance, SOC 1/SOC 2 frameworks, IT general controls, and regulatory requirements.
• Strong project management, documentation, and analytical skills; proficient in GRC (Governance, Risk, and Compliance) tools and audit software.
• Ability to lead, motivate and collaborate with team members to deliver results.
• Effectively communicate with internal and external clients, senior management, business owners, and other IT resources.
• Innovative mind set to improve on policies and processes.
• Willing to put team success ahead of individual success.
• Willing and able to work the required hours to deliver results.
• Understand and resolve complex business issues related to security and compliance.