​This is a full-time, remote Information Security Compliance Analyst role at Bonterra, a technology company dedicated to the social good industry. The analyst will be the primary resource for executing the company’s annual Service Organization Controls (SOC) reporting and will be heavily involved in vendor risk management and enterprise-wide security programs.

• ​Location: Remote, United States.
• ​US Base Salary Range: $75,000 – $100,000.
• ​Experience: 6+ years’ experience performing risk and compliance activities (or less experience with a relevant degree).
• ​Focus: Leading SOC reporting initiatives, performing technical risk assessments of third-party suppliers, maintaining vendor registers, and assisting with security awareness and training programs.

​Job Responsibilities: Audit, Risk, and Program Management

​The analyst is central to maintaining Bonterra’s compliance posture and managing third-party risk.

• ​SOC Reporting Lead: Perform as the primary in executing the annual Service Organization Controls (SOC) reporting initiatives across several Bonterra products.
• ​Audit Coordination: Work closely with control owners and internal/external auditors to ensure requests are completed efficiently as part of the overall project management process.
• ​Vendor Risk Management (VRM): Perform technical risk assessments of third-party suppliers’ security and privacy controls. Maintain a register of relevant suppliers, controls, and risks for ongoing VRM activities.
• ​Program Support: Assist in maintaining the overall security awareness, role-based security training, and phishing simulation programs across the enterprise.
• ​Incident Response: Responsible for creating the playbook for reporting of high-risk events that involve compliance, risk, and information security.
• ​Internal Audits: Assist in conducting user activity audits where required.

​Required Qualifications and Certifications

​The role requires strong organizational skills, proven project management capability, and preferred certifications in the risk and compliance domain.

• ​Experience: 6+ years’ experience performing risk and compliance activities (or relevant degree with less experience).
• ​Management Skills: Project management experience, experience managing multiple priorities independently, and excellent organizational, planning, and time management skills.
• ​Analytical Skills: Excellent research and analytical skills.
• ​Communication: Excellent verbal and written communication skills, with the ability to exercise good judgment when dealing with senior management.
• ​Software Proficiency: Proficient with technology and ability to learn software systems, including GRC, ticketing, and project management software and workflows.
• ​Preferred Certifications: Information systems security professional certifications preferred (e.g., CRISC, CISA, CISSP, CISM, GSEC, GCFA, GCTI, CCSP, or other relevant certifications).