What are the responsibilities and job description for the Associate Information Security Compliance Analyst position at NAVEX?
At NAVEX, we’re transforming the world—making it safer, more ethical, and ensuring every voice is heard. That’s real impact.
Our high-performance culture is driven by our values. We move with speed, passion and purpose — as one team. We are bold in our ideas, accountable in our actions, and committed to doing the right things right.
As a key member of our Information Security department, you will support the organization’s regulatory, certification, and third-party risk management efforts. This role assists in maintaining compliance with ISO standards (e.g., ISO 27001), SOC 1/SOC 2 audit requirements, and third-party vendor risk management programs. The position ensures documentation, controls, and processes align with regulatory, contractual, and internal compliance obligations. In partnership with our RFP Specialist, sales and legal functions, you will catalog and describe our technical capabilities and the security controls we have in place in order to drive revenue and customer retention. Additional duties may include participating in our vulnerability management and PEN testing process while helping customers realize the value of our integrated risk and compliance management products and services.
You’ll thrive in this hybrid role surrounded by an engaged, collaborative team deeply committed to your success. Join us and help shape what’s next!
At NAVEX, you will work in a hybrid role and thrive alongside an engaged and collaborative team invested in supporting your success!
What you’ll get:
Our high-performance culture is driven by our values. We move with speed, passion and purpose — as one team. We are bold in our ideas, accountable in our actions, and committed to doing the right things right.
As a key member of our Information Security department, you will support the organization’s regulatory, certification, and third-party risk management efforts. This role assists in maintaining compliance with ISO standards (e.g., ISO 27001), SOC 1/SOC 2 audit requirements, and third-party vendor risk management programs. The position ensures documentation, controls, and processes align with regulatory, contractual, and internal compliance obligations. In partnership with our RFP Specialist, sales and legal functions, you will catalog and describe our technical capabilities and the security controls we have in place in order to drive revenue and customer retention. Additional duties may include participating in our vulnerability management and PEN testing process while helping customers realize the value of our integrated risk and compliance management products and services.
You’ll thrive in this hybrid role surrounded by an engaged, collaborative team deeply committed to your success. Join us and help shape what’s next!
At NAVEX, you will work in a hybrid role and thrive alongside an engaged and collaborative team invested in supporting your success!
What you’ll get:
- Meaningful Purpose. Your work helps organizations operate with integrity and protect their people—at a scale few companies can match.
- High-Performance Environment. We move with urgency, set ambitious goals, and expect excellence. You’ll be trusted with real ownership and supported to do the best work of your career.
- Candid, Supportive Culture. We communicate openly, challenge ideas—not people—and value teammates who embrace bold thinking and continuous improvement.
- Growth That Matters. You can count on authentic feedback, strong accountability, and leaders invested in your success so you can achieve real growth.
- Rewards for Results. We provide clear, competitive compensation designed to recognize measurable outcomes and real impact.
- Complete requests for proposal and technical questionnaires from prospects and customers
- Assist with SOC 2 audit, ISO 27001 compliance and customer risk assessments
- Assist in maintaining and improving the Information Security Management System (ISMS) in alignment with ISO 27001
- Conduct vendor risk assessments and due diligence reviews
- Support internal and external certification audits and client assessments
- Maintain compliance documentation, policies, procedures, and control evidence
- Prepare compliance reports for management
- Stay current on regulatory and industry standard changes
- Coordinate application and infrastructure penetration (PEN) tests
- Participate and/or lead our vulnerability management process
- Minimum of an Associate’s degree in Information Security, Risk Management, or related field preferred
- 2 years of experience in compliance, information security, audit, or risk management
- Experience supporting ISO 27001, SOC 1/SOC 2, or similar frameworks is highly desirable
- Familiarity with third-party risk management processes
- Existing or willingness to obtain security certifications (e.g. CISA, ISO 27001 Internal Auditor, CISSP, Security , etc.)
- Familiarity with creating and implementing technical and information security policies and procedures, and technical writing in a SaaS environment
- Strong presentation skills, project planning and scoping experience
- Culture Agility. Comfort working in a fast-paced, candid environment that values innovation, healthy debate, and follow-through
- AI Readiness. Curiosity and willingness to use AI and emerging technologies to elevate your work and deliver smarter outcomes
- Fuel performance and outcomes. Leverage your job competencies and champion NAVEX’s core values.
- We’ll be clear, we’ll move fast, and we’ll invest in your success. You deserve to be supported, challenged, and rewarded for the impact you make—and we commit to doing that every step of the way.
- The starting pay range for this role is $70,000 per annum. Discover how you can grow, lead, and make an impact by visiting our career page to learn more. NAVEX is an equal opportunity employer committed to including individuals of all backgrounds, including those with disabilities and veteran status.
Salary : $70,000