Security & Compliance Analyst

Managed IT & Security Provider

Alexandria, VA
Full Time
Paid
    Benefits:

    401(k)

    401(k) matching

    Bonus based on performance

    Company parties

    Competitive salary

    Dental insurance

    Health insurance

    Paid time off

    Vision insurance

    Overview

    We are hiring a Security & Compliance Analyst to support multiple client environments with a focus on security operations, compliance readiness, and risk management. This role is hands-on and execution-focused, working closely with client IT leadership and internal teams to ensure security controls are effective, documented, and consistently maintained.

    The Security & Compliance Analyst owns day-to-day security and compliance activities across clients, helping translate security findings into actionable remediation and keeping environments audit-ready without unnecessary complexity.

    Key Responsibilities

    Security Operations & Governance

    Lead recurring security posture reviews with client IT teams

    Review SOC findings, open risks, threat trends, and prioritized remediation actions

    Track security posture and risk over time, not just during audits

    Compliance & Documentation

    Serve as the primary resource for compliance-related activities across security platforms

    Maintain audit-ready documentation including policies, procedures, evidence, risk registers, and remediation logs

    Document security system configurations, changes, and control maturity

    Produce artifacts to support annual assessments and client audit requests

    Access Control & Identity

    Design, implement, and maintain role-based access control (RBAC)

    Enforce least-privilege access standards

    Manage and document access models and reporting visibility for stakeholders

    Reporting & Metrics

    Configure and maintain automated security and compliance reporting

    Deliver regular reports covering incidents, vulnerabilities, SLAs, and compliance status

    Clearly communicate security findings to both technical and non-technical audiences

    Vulnerability & Risk Management

    Review vulnerability scan results and security findings

    Partner with IT teams to prioritize remediation based on risk and business impact

    Track remediation progress and validate closure of findings

    Disaster Recovery & Business Continuity

    Support Disaster Recovery and Business Continuity planning activities

    Participate in tabletop exercises and incident simulations

    Document outcomes, gaps, and lessons learned

    Client & Internal Support

    Provide security and compliance support across multiple client environments

    Assist with security assessments, gap analyses, and remediation planning

    Help standardize security processes, documentation, and reporting across clients

    Serve as an internal subject-matter expert for security and compliance best practices

    Required Experience & Skills

    3–5+ years of experience in IT security, compliance, risk management, or related roles

    Strong understanding of security operations, SOC workflows, and vulnerability management

    Experience supporting audits or compliance frameworks such as SOC 2, NIST, CIS, or ISO

    Proven ability to create and maintain clear, organized, audit-ready documentation

    Experience implementing RBAC and least-privilege access models

    Comfortable working across multiple environments with varying levels of security maturity

    Strong written and verbal communication skills

    Preferred (Not Required)

    Experience in a managed services or consulting environment

    Familiarity with MDR, SIEM, vulnerability scanning, and cloud security platforms

    Experience supporting tabletop exercises or incident response planning

    Security certifications such as Security+, CISSP, CISM, or similar

    What Success Looks Like

    Security risks are clearly documented, prioritized, and tracked to resolution

    Audits and assessments are predictable and well-supported

    Security documentation is current, accurate, and usable

    Clients understand their security posture and next steps

    Internal teams rely on you as a trusted security and compliance resource

    Work Style

    Organized, accountable, and comfortable owning outcomes

    Able to manage multiple priorities without losing attention to detail

    Practical, risk-focused, and business-aware

    Willing to raise concerns when something is insecure, undocumented, or unclear

    Flexible work from home options available.