IT Compliance Analyst

Veson Nautical

$70K — $95K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in IT, Cybersecurity, Business Administration, or similar field.
  • 1-3 years of IT compliance or related experience.
  • Familiarity with compliance frameworks like SOC 2 and ISO 27001.
  • Basic understanding of information security principles and risk management.
  • Experience with GRC platforms like Drata or Vanta is preferred.
  • Strong analytical skills and attention to detail.
  • Excellent communication skills for diverse stakeholder interactions.

Responsibilities

  • Assist in the preparation of compliance audits and manage evidence collection.
  • Monitor compliance controls using GRC platforms, ensuring timely updates.
  • Conduct vendor risk assessments and review third-party security documentation.
  • Maintain compliance documents across various business units.
  • Track remediation of audit findings and ensure corrective actions are taken.
  • Collaborate with IT teams on compliance impacts of system changes.
  • Stay updated on regulatory requirements and industry best practices.

Benefits

  • Opportunity for professional development in compliance and information security.
  • Engagement with diverse teams and stakeholders.
  • Involvement in a comprehensive compliance program across multiple frameworks.
  • Support for continuous learning regarding evolving regulatory requirements.

Full Job Description

Description

The Opportunity:

The IT Compliance Analyst will play a critical role in supporting Veson Nautical's comprehensive compliance program across multiple frameworks including SOC 1/2 Type II, ISO 27001/27017/27701, and GDPR. Reporting to the Senior IT Compliance Manager, this position will assist in maintaining compliance certifications, conducting risk assessments, managing audit processes, and ensuring adherence to information security policies and procedures. The ideal candidate will have strong attention to detail, analytical skills, and a foundational understanding of IT compliance and security frameworks.

Responsibilities:

• Assist in the preparation and coordination of SOC 1/2, ISO 27001/27017/27701, and other compliance audits, including evidence collection, documentation organization, and stakeholder communication.
• Support the maintenance and monitoring of compliance controls using Drata and other GRC platforms, ensuring timely completion of control testing and evidence uploads.
• Conduct vendor risk assessments for third-party service providers, reviewing security documentation, questionnaires, and certifications to ensure compliance with organizational standards.
• Maintain compliance documentation including policies, procedures, system security plans, and data flow diagrams across multiple products and business units.
• Track and manage remediation activities for audit findings and non-conformities, working with cross-functional teams to implement corrective actions within established timelines.
• Collaborate with IT and Engineering teams to assess the impact of system changes on compliance requirements and assist in implementing necessary controls.
• Maintain awareness of evolving regulatory requirements, industry standards, and best practices related to information security and data privacy (GDPR, CCPA, etc.).
• Support internal audit activities by scheduling reviews, documenting findings, and tracking implementation of recommendations.

Qualifications:

• Bachelor's degree in Information Technology, Information Systems, Cybersecurity, Business Administration, or a related field.
• 1-3 years of experience in IT compliance, information security, IT audit, or related roles.
• Foundational knowledge of compliance frameworks such as SOC 2, ISO 27001, NIST, or similar standards.
• Understanding of information security principles, risk management, and control frameworks.
• Experience with GRC platforms (Drata, Vanta, OneTrust, or similar) preferred.
• Familiarity with cloud platforms (AWS, GCP, Azure) and their security controls is a plus.
• Strong analytical and problem-solving skills with meticulous attention to detail.
• Excellent written and verbal communication skills, with the ability to work effectively with technical and non-technical stakeholders.
• Ability to manage multiple priorities in a fast-paced environment and work independently with minimal supervision.
• Relevant certifications such as CompTIA Security+, CISA, or similar are preferred.
• Interest in pursuing professional development in compliance and information security.

We are focused on building a diverse and inclusive workforce. If you're excited about this role, but do not meet 100% of the qualifications listed above, we encourage you to apply. While we try to be thorough with our job descriptions, not everything about you as a candidate can be condensed into a list of bullet points.

More Jobs at Veson Nautical

  • IT Compliance Analyst
    $70K — $95K *
    Boston, MA 02115 (Suffolk County)
    Information Technology
    In-Person