Security Compliance Analyst

 

Description:

We are seeking a proactive, detail-oriented Security Analyst, Compliance to independently run compliance certification programs with minimal supervision and actively support the broader compliance efforts of the team.

What You'll Do

  • Execute and support compliance certification programs (e.g., SOC 2, ISO 27001, FedRAMP, Common Criteria), ensuring all security and regulatory requirements are met.
  • Collaborate and maintain communication with cross-functional teams (e.g., Engineering, Legal, Product) and external auditors/stakeholders to ensure smooth project execution and successful outcomes.
  • Assist and support internal teams through independent assessments and audits. Translate complex security and compliance controls into actionable technical solutions and implementation strategies.
  • Develop, track, and report on key compliance metrics (KCMs), continuously driving process improvements to align with evolving industry standards and best practices.
  • Author and maintain comprehensive compliance documentation, including control narratives, audit evidence, and supporting materials, ensuring they are accurate, up-to-date, and audit-ready.
  • Independently drive recurring tasks and events such as access reviews and vulnerability scanning across multiple business units with differing scopes.
  • We are primarily an in-office environment; you will therefore be expected to work from the Lehi, UT office in compliance with Pure’s policies, unless you are on PTO, work travel, or other approved leave.

What You Bring

  • 5+ years of experience in IT audit, risk management, or IT compliance roles, with demonstrated experience running compliance certification programs.
  • In-depth understanding of security controls and key compliance frameworks (e.g., NIST, SOC 2, ISO 27001, FedRAMP, FIPS, Common Criteria) as well as cloud platforms (e.g., AWS, Azure, GCP).
  • Strong written and verbal communication skills, with the ability to engage effectively with both internal teams and external auditors.
  • Ability to identify and recommend tools, processes, and software to improve and automate compliance practices.
  • Security Operations or Engineering background preferred but not required.
  • Relevant certifications such as CISSP, CISA, CISM, or ISO/IEC 27001 Lead Implementer or Lead Auditor are preferred but not required.

Organization: Pure Storage
Industry: IT / Telecom / Software Jobs
Occupational Category: Security Compliance Analyst
Job Location: Utah, USA
Shift Type: Morning
Job Type: Full Time
Gender: No Preference
Career Level: Experienced Professional
Experience: 5 Years
Posted at: 2026-03-20 3:14 pm
Expires on: 2026-05-04