Security Compliance Analyst
Sailthru
We are seeking an experienced Compliance Analyst within the GRC (Governance, Risk, and Compliance) team to take the lead on managing & facilitating Marigold’s external compliance to standards such as SOC2 and ISO 27001.
This role will involve working closely with teams across Marigold to ensure that the business and our different products (some global) maintain compliance to, and can achieve certification to, all required standards. The successful individual will take responsibility for preparing for the audits, gathering evidence and working with relevant teams, and then coordinating and managing the audit itself.
Key Responsibilities
Facilitate audits with external auditors and product control owners.
Conduct regular assessments throughout the year to ensure compliance with design and operational controls.
Identify and address gaps in compliance, while effectively communicating the details.
Enhance processes for managing compliance initiatives.
Record and manage control documentation, linking evidence as necessary.
Build and deliver clear, actionable compliance reports.
Facilitate discussions with stakeholders across the organization to ensure alignment with compliance standards.
Essential Skills & Experience
5+ years of relevant work experience.
Strong ability to extract detailed information through effective questioning, active listening, and challenging assumptions.
Clear, concise communication skills with the ability to simplify complex topics.
Proven ability to work independently and collaborate effectively across all organizational levels.
Experience with a compliance audit, and readiness preparation.
Demonstrated skills in analysis, decision-making, and problem-solving.
French language skills (Intermediate level}
Desirable Skills & Experience
French language skills (Native Speaker}
Experience of global data privacy regulations such as GDPR and CCPA, as well as compliance standards such as ISO27701, PrivacyMark, and HiTrust (for HIPAA).
Relevant security-related qualifications such as ISO27001 Lead Auditor/Implementer, CISSP, or CISA.
Knowledge of AWS (for example Cloud Practitioner certified).
Qualifications
BA/BS degree or equivalent experience.