Security Compliance & Risk Analyst

Who We Are
Ontic makes software that corporate and government security professionals use to proactively manage threats, mitigate risks, and make businesses stronger. Built by security and software professionals, the Ontic Platform connects and unifies critical data, business processes, and collaborators in one place, consolidating security intelligence and operations. We call this Connected Intelligence. Ontic serves corporate security teams across key functions, including intelligence, investigations, GSOC, executive protection, and security operations.
As Ontic employees, we put our mission first and value the trust bestowed upon us by our clients to help keep their people safe. We approach our clients and each other with empathy while focusing on the execution of our strategy. And we have fun doing it.
Who You Are
People are what make Ontic a great place to work. We are looking for a hungry and mission-driven Security Compliance & Risk Analyst that will work closely with all key stakeholders, and play an important role as we continue to grow. Our team is passionate about security, and we are seeking an individual who is enthusiastic about all aspects of IT and Information Security. This role reports to our Director of Information Security.

Responsibilities

• Coordinate third party audits and assessments such as FedRAMP, SOC 2 and ISO27001
• Manage vendor risk management program
• Maintain and manage the enterprise risk register; coordinate risk treatment and remediation planning with GRC stakeholders
• Coordinate internal risk assessments and business continuity/disaster recovery (BC/DR) and incident response (IR) exercises
• Perform quarterly internal security audits and assessments
• Respond to client audits, assessments and questionnaires
• Assemble compliance reports and dashboards to track progress, identify risks, and support audit readiness
• Support the data privacy program by participating in privacy risk assessments, vendor privacy reviews, and alignment with ISO 27701 and other applicable privacy frameworks
• Maintain policies and procedures for continuous compliance with FedRAMP, SOC 2, and ISO27001
• Assist in asset management efforts, including risk-based asset tracking, documentation, and alignment with security controls

Preferred Qualifications

• 1-3 years experience in information security, compliance or risk-related role
• BA/BS or higher in Cyber Security, Computer Science, Information Technology, Management of Information Systems, or a related field
• Prior experience with Hyperproof administrator is a plus
• Power BI experience  is a plus
• Prior experience as a OneTrust administrator highly desirable
• Excellent written and verbal communication skills 
• Extremely organized and able to manage multiple, time-sensitive projects simultaneously
• Experience with security-related frameworks such as FedRAMP (NIST 800-53 R5), SOC 2 and ISO27001
• Knowledge and experience with Privacy related regulations such as HIPAA, GDPR, CCPA or PIPEDA
• Security certifications such as CISA, CISSP or similar

Only U.S. citizens are eligible to apply for this role
Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Ontic we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role, we encourage you to apply anyways. You may be just the right candidate for this or other roles.
Ontic prioritizes the full inclusion of qualified individuals, providing necessary accommodations for those with disabilities to perform essential job functions. If you need assistance during the application or interview process or job tasks, please contact us at recruitment@ontic.co  or call (512) 572-7400

Ontic Benefits & PerksCompetitive SalaryMedical, Vision & Dental Benefits401kStock OptionsHSA ContributionLearning StipendFlexible PTO PolicyQuarterly company ME (mental escape) daysGenerous Parental Leave policyHome Office StipendMobile Phone ReimbursementHome Internet Reimbursement for Remote EmployeesAnniversary & Milestone Celebrations
Ontic is an equal-opportunity employer.  We are committed to a work environment that celebrates diversity. We do not discriminate against any individual based on race, color, sex, national origin, age, religion, marital status, sexual orientation, gender identity, gender expression, military or veteran status, disability, or any factors protected by applicable law.
All Ontic employees are expected to understand and adhere to all Ontic Security and Privacy related policies in order to protect Ontic data and our clients data.