Senior Compliance Analyst (San Francisco)

Job Description

Job Description

Company Description

At BlueAlly, our mission is to make technology more accessible, more certain, and more impactful for every organization.

From cloud to cybersecurity, infrastructure to application modernization, we thrive on cutting-edge technologies and services. Elevate the impact of technology across your enterprise with world-class expertise that produces game-changing insights. Turn complex decisions into clear opportunities with a trusted guide to technology that ensures the next digital advance will be your decisive advantage. Trade IT complexity for capability with solutions that elevate possibilities, and advance with certainty, knowing you have BlueAlly as your ally in next. BlueAlly. Conquer Complexity.

Job Description

BlueAlly is seeking a Senior Compliance Analyst to join our team who will work closely with our IT and security functions. You'll be focused on handling the execution of tasks for the GRC Program within BlueAlly, leading multiple compliance initiatives including SOC 1, SOC 2, ISO frameworks, and sustainability standards. You will ensure timely delivery of high-quality compliance deliverables and actively contribute to process optimization and improvement initiatives. This role requires understanding of multiple compliance frameworks, information security practices, and experience working with technology teams.

• Lead the organization's comprehensive compliance program, including SOC 1, SOC 2, ISO 27001, ISO 9001, O-TTPS, and NetZero 2040 initiatives
• Develop and maintain an integrated compliance program that efficiently addresses requirements across multiple standards
• Design, implement, monitor, and maintain controls across multiple frameworks while collaborating with internal business partners
• Maintain BlueAlly's compliance data and evidence within the organization's GRC tool
• Answer and manage security questionnaires and Third-Party Risk Management (TPRM) assessments from customers and prospects
• Maintain and update data in the knowledge base to ensure accurate and current security documentation
• Maintain the company's Trust Center, including keeping all information current and upto-date and reviewing and approving access requests
• Conduct regular compliance audits and assessments to evaluate the effectiveness of internal controls and identify areas for improvement
• Lead and handle all stages of compliance audits, ensuring successful completion across all frameworks
• Act as the main point of contact for external auditors during compliance reviews and certification renewals
• Collaborate with internal teams (IT, security, and legal) to ensure alignment between business operations and regulatory requirements
• Prepare detailed reports and dashboards to track compliance status and performance metrics
• Create and maintain documentation for all compliance programs
• Monitor changes to laws, regulations, and standards that impact compliance programs and ensure timely updates to policies and procedures

Qualifications

• You have 3+ years of experience in compliance and security, with demonstrated experience in at least 2 of the following frameworks :

SOC 1

• SOC 2
• ISO 27001 Information Security Management Systems
• ISO 9001 Quality Management Systems
• O-TTPS implementation and maintenance
• Environmental sustainability programs, preferably NetZero 2040
• Experience with security questionnaire management and TPRM processes is highly desired
• Demonstrated ability to maintain accurate compliance data and evidence repositories within GRC platforms is highly desired
• Prior experience successfully leading compliance audits is highly desired
• You are a strong collaborator, with experience working on teams composed of both technical and non-technical members
• You have a demonstrated ability to lead large-scale compliance projects, problem-solve, multitask, and have excellent organizational skills with strong attention to detail
• You can navigate ambiguity and bring clarity to complex compliance requirements and processes
• You have excellent written and verbal communication skills, with experience presenting to key stakeholders and partnering with internal collaborators and external auditors
• You thrive in a fast-paced environment
• CISA, CISM, CISSP, ISO Lead Auditor certifications, or other related certifications are preferred

Additional Information

• This role is 100% remote.