GEODIS

Sr IT Analyst - Security

GEODIS$90K — $120K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Information Security, Computer Science, Information Systems, or related field; equivalent experience considered.
  • Minimum 6 years in information security, IT audit, or compliance roles.
  • Experience managing SOC 1 and/or SOC 2 audit engagements as auditee-side lead.
  • Familiarity with HIPAA Security Rule compliance programs, including risk analysis.
  • Practical knowledge of ISO 27001 and NIST SP 800-53 control frameworks.
  • Familiarity with data protection regulations across Americas jurisdictions and GRC platforms.

Responsibilities

  • Direct annual SOC 1 and SOC 2 audit processes, including stakeholder coordination and external auditor engagement.
  • Lead HIPAA Security Rule compliance initiatives through risk assessments and safeguards implementation.
  • Guide control owners on compliance obligations and audit readiness.
  • Coordinate with cross-functional teams to gather audit evidence rapidly.
  • Manage audit findings and drive closure of remediation activities.
  • Develop compliance metrics and dashboards for governance visibility.
  • Monitor and interpret evolving data protection regulations across the Americas.

Benefits

  • Free telemedical access on the first day of employment.
  • Early wage access via the Rain financial wellness app.
  • Health, dental, and vision insurance after 30 days.
  • 401k match and paid parental leave.
  • Career development access, employee resource groups, and mentorship programs.
  • Employee discounts and wellness perks including fitness class discounts.
  • Opportunities to volunteer and support the community.
Full Job Description
Senior IT Analyst - Security

The Senior IT Analyst - Security is a key member of the Information Security team, responsible for maintaining and advancing the organization's compliance posture across a broad portfolio of regulatory frameworks. Reporting to the Head of Security, this role leads audit readiness and evidence management for SOC 1, SOC 2, and HIPAA engagements; operationalizes controls aligned to ISO 27001 and NIST frameworks; and serves as the internal subject-matter expert for data protection regulations across North and South America. Requires a practitioner who can translate technical security controls into audit-ready artifacts and communicate risk clearly to both technical teams and executive stakeholders. Drives security governance, compliance, and risk management initiatives.

Your role on the team:

  • IT Compliance & Audit Management
  • Direct the planning, execution, and successful completion of annual SOC 1 Type 2 (SSAE 18 /AT-C 320) and SOC 2 Type 2 audits, including audit scoping, control readiness assessments, evidence management, stakeholder coordination, and primary engagement with external auditors.
  • Lead company HIPAA Security Rule compliance initiatives by overseeing risk assessments, risk mitigation strategies, and the design, implementation, and documentation of administrative, physical, and technical safeguards to ensure ongoing regulatory compliance and operational
    effectiveness.
  • Provide guidance to control owners regarding compliance obligations, documentation expectations, evidence collection, remediation activities, and audit readiness.
  • Coordinate cross-functional teams (IT, Engineering, HR, Legal) to gather and validate audit evidence in a timely manner.
  • Manage findings and observations through to closure, including root-cause analysis, remediation planning, and evidence of corrective action./
  • Develop and maintain compliance metrics, dashboards, and reporting to support visibility into governance and compliance activities.
  • ISO 27001 & NIST Control Framework
  • Serve as a trusted internal subject-matter expert (SME) for the ISO 27001 Information Security Management System (ISMS), providing strategic guidance on governance, policy development, risk management, control implementation, and management review processes.
  • Lead the alignment and mapping of organizational security policies, standards, and procedures to ISO 27001 Annex A controls, ensuring continued compliance and proactive adaptation to evolving regulatory and industry requirements.
  • Apply the NIST Cybersecurity Framework (CSF) and NIST SP 800-53 control catalog to evaluate the design and operating effectiveness of security controls, identify compliance gaps, and strengthen the organization's cybersecurity posture.
  • Plan and execute periodic control assessments, internal audits, and maturity evaluations against ISO 27001 and NIST control frameworks, documenting findings, assessing risk impacts, and delivering prioritized remediation roadmaps to stakeholders.
  • Partner with business, technology, and compliance teams to drive corrective action plans, monitor remediation efforts, and validate control improvements through ongoing governance and assurance activities.
  • Support external audits, customer due diligence reviews, and third-party security assessments by providing control documentation, evidence packages, and framework mappings that demonstrate compliance with ISO 27001 and NIST requirements.
  • Maintain awareness of emerging cybersecurity standards, regulatory developments, and industry best practices to continuously enhance the organization's security governance and control environment.
  • Data Protection & Privacy Compliance - Americas
  • Monitor, interpret, and implement data protection and privacy requirements across the Americas, including U.S. state privacy laws (CCPA/CPRA, VCDPA, CPA, TDPSA), GLBA, COPPA, Canada's PIPEDA and provincial privacy laws, Brazil's LGPD, Mexico's LFPDPPP, Argentina's Ley 25.326, Colombia's Ley 1581, Chile's Ley 19.628, and emerging regulatory frameworks.
  • Maintain a privacy regulatory register documenting applicability, key compliance obligations, implementation status, and regulatory developments across relevant jurisdictions.
  • Partner with Legal, Product, Engineering, and Security teams to conduct Data Protection Impact Assessments (DPIAs), privacy risk assessments, data mapping exercises, and Records of Processing Activities (RoPAs), ensuring privacy-by-design principles are embedded in business processes and technology solutions.
  • Advise stakeholders on cross-border data transfers, data residency requirements, third-party processing arrangements, and jurisdiction-specific privacy obligations.
  • Develop, maintain, and enhance privacy policies, standards, procedures, and governance controls to support regulatory compliance and organizational risk management.
  • Support regulatory inquiries, customer assessments, and compliance audits by providing privacy documentation, evidence, and control artifacts.
  • Deliver privacy awareness training and guidance to promote compliance, accountability, and responsible data handling practices across the organization.
  • Policy, Risk & General Security Operations
  • Develop, maintain, and periodically review information security policies, standards, and procedures to ensure alignment with ISO 27001, regulatory requirements, and industry best practices.
  • Support enterprise risk management activities by conducting security risk assessments and evaluating threats, vulnerabilities, and control effectiveness using established methodologies such as NIST RMF and FAIR.
  • Perform third-party risk assessments, including security questionnaire reviews, due diligence evaluations, and vendor risk analysis to support procurement and ongoing oversight activities.
  • Participate in security incident response and post-incident review activities, documenting lessons learned and recommending control improvements to reduce future risk
  • Monitor emerging cybersecurity threats, regulatory developments, and industry trends, providing timely analysis and actionable recommendations to leadership and key stakeholders.
  • As required and assigned
  • Supports GEODIS' programs for Safety, Health, Environment, Quality , Ethics, Compliance, CSR and Sustainability


What you need: (requirements)

  • Bachelor's degree in Information Security, Computer Science, Information Systems, or a closely related field. Equivalent combination of education and directly relevant experience will be considered.
  • Minimum 6 years of progressive experience in information security, IT audit, or IT compliance roles.
  • Demonstrated hands-on experience managing SOC 1 and/or SOC 2 audit engagements as an auditee-side lead.
  • Direct experience with HIPAA Security Rule compliance programs, including risk analysis and safeguard documentation.
  • Practical working knowledge of ISO 27001 control domains and NIST SP 800-53 or CSF control families.
  • Familiarity with data protection regulations in two or more Americas jurisdictions (e.g., CCPA/CPRA, LGPD, PIPEDA).
  • Experience writing and maintaining information security policies, standards, and procedures.
  • Proficiency with GRC platforms (e.g., OneTrust, Vanta, Drata, ServiceNow GRC, or equivalent).
  • Certifications - One or More Required
  • Certified Information Systems Security Professional (CISSP) - ISC²
  • Certified Information Systems Auditor (CISA) - ISACA
  • Certified Information Security Manager (CISM) - ISACA
  • ISO 27001 Lead Auditor or Lead Implementer
  • Certified in Risk and Information Systems Control (CRISC) - ISACA
  • Preferred Qualifications
  • Experience with SaaS or cloud-native environments (AWS, Azure, GCP) and relevant compliance considerations (e.g., shared responsibility model, cloud security controls).
  • Familiarity with SOC 2 criteria extensions (Availability, Confidentiality, Processing Integrity, Privacy) beyond Security.
  • Working knowledge of LGPD or other South American data protection frameworks in an operational compliance capacity.
  • Experience supporting customer security reviews, RFP security questionnaires, or enterprise sales security due diligence.
  • Familiarity with vulnerability management programs and how vulnerability data feeds compliance risk registers.
  • Spanish or Portuguese language proficiency is a plus given regional privacy compliance responsibilities.
  • Strong written and verbal communication skills, with the ability to translate complex regulatory, risk, and technical security concepts into clear, actionable guidance for diverse, non-technical stakeholders.
  • Highly organized with strong attention to detail and the ability to manage multiple concurrent audits, assessments, and compliance initiatives within tight deadlines.
  • Analytical and risk-focused mindset with demonstrated ability to identify control gaps, assess impact, and develop pragmatic, risk-based remediation strategies.
  • Proven ability to collaborate effectively across cross-functional teams, including Engineering, Legal, HR, Finance, and Business stakeholders, to drive compliance and risk reduction outcomes.
  • High level of professional integrity, judgment, and discretion in handling confidential, regulated, and sensitive information.


What you gain from joining our team:

  • Free telemedical access to doctors and therapists through First Stop Health is available on the first day of employment!
  • Access wages early with the Rain financial wellness app
  • Health, dental, and vision insurance after 30 days of employment
  • 401k match
  • Paid maternity and parental leave
  • Access to career development, employee resource groups, and mentorship programs
  • Employee discounts
  • Access to employee perks like fitness class discounts and free access to a relaxation and meditation app
  • Free financial wellness programs
  • Daycare discount program
  • Opportunities to volunteer and give back to your community.
  • + more!


Join our Team!

  • Visit our website at workatGEODIS.com and chat with our virtual recruiter, Sophie, to fast-track your way to an interview.


OR

Text DELIVER to 88300 to Apply!

About GEODIS

GEODIS is a global logistics provider with over 41,000 employees and a presence in over 120 countries. The company offers a range of services including supply chain optimization, freight forwarding, contract logistics, distribution and express delivery. GEODIS serves a variety of industries including automotive, retail, healthcare, and aerospace. The company is committed to sustainability and has implemented several initiatives to reduce its environmental impact.
Learn more about GEODIS
Size
41,000 employees
Industry

Similar Jobs

More Jobs at GEODIS

More Information Technology Jobs

Find similar Sr IT Analyst - Security jobs: