Security and Compliance Analyst

About the Role:

The Senior Security Analyst in Compliance and Audit is responsible for ensuring the organization meets and maintains compliance with key security frameworks such as ISO27000, ISO27001/18, CSA, SOC2, and ISO27701. This role includes managing the audit lifecycle, overseeing policy and contract governance, and ensuring compliance across all areas of the ISMS (Information Security Management System), including ESG and BCM domains. The analyst must possess deep technical knowledge of operating systems, cloud computing, cloud-native applications, and secure software development practices within the SDLC. The role also includes leading cyber maturity assessments and contributing to the organization's ESG and privacy initiatives.

What You'll Do:

• Strategic Audit Leadership: Lead strategic planning and execution of audits across ISO27000, ISO27001/18, CSA, SOC2, and ISO27701. Ensure comprehensive compliance across ISMS areas including BCM, ESG, privacy, contract management, vendor risk, and cloud security.
• Advanced Data Analysis and Risk Assessment: Use machine learning and big data analytics to assess compliance risks, identify trends, and guide strategic decisions.
• ISMS and ESG Control Architecture: Design and manage security and ESG controls, ensuring alignment with organizational goals and regulatory requirements.
• Policy and Contract Governance: Lead governance of security policies and contract management processes. Ensure alignment with legal, regulatory, and ESG standards.
• External Audit Leadership: Serve as the primary technical liaison for external audits. Address findings with effective technical solutions.
• Privacy and ISO27701 Compliance: Oversee implementation and maintenance of privacy controls aligned with ISO27701. Ensure data protection practices are embedded across systems and processes.
• Innovation in Compliance Processes: Introduce new technologies and methodologies to enhance audit and ISMS management.
• SDLC Security Leadership: Integrate security best practices into the SDLC, including CI/CD pipelines and secure coding standards.
• OS and Cloud Security Leadership: Lead security efforts across operating systems, cloud platforms, and cloud-native applications.
• Cyber Maturity and ESG Assessments: Conduct cyber maturity and ESG capability assessments. Recommend strategic improvements.
• Leadership and Team Development: Mentor and lead the Compliance and Audit team. Foster a culture of continuous improvement and proactive risk management.

What You Bring:

• 5 to 8 years of experience in ISO27000, ISO27001/18, ISO27701, CSA, SOC2.
• Strong understanding of ESG principles and their integration into security and compliance.
• Mastery of BCM, privacy, incident management, risk management, and contract governance.
• Strong leadership, communication, and technical reporting skills.
• Experience with OSs (Windows, Linux), cloud platforms, and secure SDLC practices.

About Simeio and What We Do:

Simeio has over 650 talented employees across the globe. We have offices in USA (Atlanta HQ and Texas), India, Canada, Costa Rica and UK.

Founded in 2007 and now backed by private equity company ZMC, Simeio is recognized as a top IAM provider by industry analysts. Alongside Simeio's Identity orchestration tool 'Simeio IO' - Simeio also partners with industry leading IAM Software vendors to provide access management, identity governance and administration, privileged access management and risk intelligence services across on- premises, cloud, and hybrid technology environment. Simeio provides services to numerous Fortune 1000 companies across all the industries including financial services, technology, healthcare, media, retail, public sector, utilities and education.

Simeio is an equal opportunity employer. If you require assistance with completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to any of the recruitment team at or