IT Security Compliance Analyst

Remote, USA Full-time Posted 2025-11-24
About the position

Boomi is looking for a detail-oriented, technically savvy Security Compliance Analyst to join our Governance, Risk, and Compliance (GRC) team. In this role, you will manage the lifecycle of security audits, perform internal assessments, and ensure our cloud infrastructure remains compliant with international and regional frameworks. You will help translate complex regulatory requirements into actionable technical controls for our DevOps and Engineering teams.

Responsibilities

• Audit Management: Lead the preparation, execution, and remediation phases for global audits including SOC 1/SOC 2, ISO 27001/27701, and Cyber Essentials Plus.
• Public Sector Compliance: Maintain Boomi’s FedRAMP authorization status (Moderate/High) and support Australian government requirements via the IRAP framework.
• Continuous Monitoring: Perform regular internal gap analyses and "mock audits" to ensure controls are operating effectively throughout the year, not just during audit windows.
• Stakeholder Collaboration: Work closely with Engineering, Legal, and HR to document processes and evidence that satisfy security control requirements.
• Risk Assessment: Identify and communicate security risks associated with third-party vendors and internal architectural changes.
• Evidence Collection Automation: Drive initiatives to automate compliance evidence collection to reduce "audit fatigue" across the technical organization.

Requirements

• Experience: 4+ years in IT Audit, Information Security, or Compliance, specifically within a SaaS or Cloud Service Provider environment.
• Framework Expertise: Deep functional knowledge of SOC 2, ISO 27001, and NIST 800-53 (FedRAMP).
• Technical Literacy: Ability to understand cloud infrastructure concepts (AWS/Azure) and explain security controls related to IAM, encryption, and vulnerability management.
• Communication: Exceptional ability to translate "auditor-speak" into technical requirements for developers.

Nice-to-haves

• Certifications: CISA, CRISC, CISM, or CISSP
• Familiarity with international standards like IRAP or Cyber Essentials is highly preferred.
• Familiarity with the following services: KnowBe4, SafeBase, Ascend, and/or Jira
