Sidetrade
SaaS
Information Security Compliance Analyst
“Information Security Compliance Analyst at Sidetrade. Skills: ISO 27001, SOC 1, SOC 2, information security compliance, GRC tooling. Maintain and update information security policies, standards and procedures. Support the day-to-day administration of the ISO 27001 ISMS”
What You'll Achieve.
Maintain and update information security policies, standards and procedures
Support the day-to-day administration of the ISO 27001 ISMS
Support SOC 1 / SOC 2 Type II evidence collection and control monitoring activities
Make Drata work for you: coordinate recurring compliance tasks and automated evidence collection in the GRC console, and keep audit and governance documentation up to date
Draft first-pass responses to customer and prospect security questionnaires, RFIs and due-diligence requests
Prepare briefing materials, join calls in a support capacity, and chase the security commitments and action items afterwards
Support supplier and third-party security reviews from intake and evidence collection through to follow-up of remediation actions
Track ISMS KPIs and compliance task completion across stakeholders
Help maintain the risk register and the security awareness training program, and stay on top of action owners until things are actually done
Support internal audits and external audit preparation, and follow audit findings through to closure
Build working relationships with control owners and policy owners, respond to routine internal security enquiries, and escalate to the Compliance Manager when it matters
Spot opportunities to improve and automate recurring compliance activities and lift the overall quality of our documentation and audit readiness
Industry & Context.
Spot opportunities to improve and automate recurring compliance activities
What They're Looking For.
Must Have
Organizational skills, attention to detail and the ability to meet recurring deadlines
Excellent written and verbal communication skills in English
Comfortable working with documentation, spreadsheets and tracking / ticketing systems
Basic understanding of information security concepts and good security practices
Genuine curiosity about technology, AI and how systems and teams actually work
Comfortable initiating conversations with technical and non-technical stakeholders to understand a process before documenting it
Ability to manage multiple priorities and work both independently and within a small team
Awareness of Sidetrade's three core attestations: ISO 27001 certification and the SOC 1 Type II and SOC 2 Type II reports
Build trust across the business by treating every interaction as a chance to strengthen the working relationship, and by finding compliance solutions that respect the operational and commercial constraints of the team in front of you
Nice to Have
ISO 27001 Foundation certification (or willingness to obtain it within the first 12 months)
Familiarity with GRC or compliance tooling such as Drata, Vanta or OneTrust
Previous administrative, compliance, audit support or IT support experience
Working knowledge of GDPR and general data privacy principles
Awareness of PCI DSS controls is a plus
Genuine interest in pursuing a career in cybersecurity, governance, risk or compliance
What You'll Do.
Maintain and update information security policies, standards and procedures
Support the day-to-day administration of the ISO 27001 ISMS
Support SOC 1 / SOC 2 Type II evidence collection and control monitoring activities
Coordinate recurring compliance tasks and automated evidence collection in the GRC console
Keep audit and governance documentation up to date
Draft first-pass responses to customer and prospect security questionnaires, RFIs and due-diligence requests
Prepare briefing materials for prospect and customer security discussions
Join calls in a support capacity for prospect and customer security discussions
Chase security commitments and action items after prospect and customer security discussions
Support supplier and third-party security reviews from intake and evidence collection through to follow-up of remediation actions
Track ISMS KPIs and compliance task completion across stakeholders
Help maintain the risk register
Help maintain the security awareness training program
Stay on top of action owners until things are actually done
Support internal audits and external audit preparation
Follow audit findings through to closure
Respond to routine internal security enquiries
Escalate to the Compliance Manager when it matters
Spot opportunities to improve and automate recurring compliance activities
How You'll Work.
Team & Collaboration
Talk to engineers, product people and operations teams; these are the conversations that build ISO 27001, SOC 1 and SOC 2 compliance
Build working relationships with control owners and policy owners
Collaborate with stakeholders in Business, Finance, HR, Procurement, IT, Product and R&D / Development
Work within a small team
Build trust across the business by finding compliance solutions that respect the operational and commercial constraints of the team in front of you
Communication Scope
Excellent written and verbal communication skills in English
Initiating conversations with technical and non-technical stakeholders
Process & Methodology
Track ISMS KPIs and compliance task completion across stakeholders
Follow audit findings through to closure
Spot opportunities to improve and automate recurring compliance activities