Source Job

$51,840–$64,800/yr
Europe

  • Support the ISO 27001 program by maintaining audit readiness, running evidence collection, and managing access reviews.
  • Perform recurring security operations including vulnerability scanning, risk assessments, and vendor reviews.
  • Collaborate cross-functionally to harden identity and access management, respond to security questionnaires, and support AI governance initiatives.

ISO 27001 GRC Vulnerability Management AWS

20 jobs similar to Information Security Analyst

Jobs ranked by similarity.

Europe 5w PTO

  • Own and drive the compliance roadmap across multiple frameworks like ISO 27001, TISAX, SOC 2, and GDPR.
  • Implement ISO 27001 and adjacent frameworks end-to-end for customers, ensuring successful audits.
  • Mentor the compliance team, conduct internal audits, and act as the senior compliance voice for customers, auditors, and product.

Secfix automates security compliance for companies, helping them achieve ISO 27001, GDPR, TISAX, and SOC 2 quickly. They are a high-performing 100% remote team with hubs in Germany and the UK, backed by top VCs.

$132,000–$165,000/yr
US Unlimited PTO

  • Manage and support compliance certifications including SOC 2, HITRUST, and ISO 27001 audits across the audit lifecycle.
  • Serve as the subject matter expert across the company on compliance frameworks and primary point of contact for external auditors.
  • Maintain the risk register, drive risk identification and reporting, and scale GRC function with AI and automation.

Garner transforms the healthcare economy by partnering with employers to redesign healthcare benefits using data-driven insights. It is a fast-growing healthcare technology company with a mission-driven team focused on making healthcare more affordable and high-quality.

$136,000–$169,000/yr
US

  • Manage security compliance programs against frameworks like PCI-DSS, NIST, and SOC 1/2, leveraging automation tools for continuous assessment.
  • Oversee identity and access management, including automated provisioning audits and anomaly detection.
  • Collaborate with engineering, DevOps, and product teams to integrate compliance into CI/CD and cloud infrastructure.

Prosper is a FinTech company focused on improving financial well-being. It is a growing company with a collaborative culture and offers resources for professional growth and holistic well-being.

United States Unlimited PTO

  • Partner with the CISO to drive security strategy, roadmap, and execution across application security, GRC, and operations.
  • Support compliance initiatives including PCI, SOC 2, ISO 27001, DORA, and FedRAMP readiness.
  • Serve as a trusted security leader in customer-facing settings, translating technical risks into business language.

Sardine is the leading agentic risk platform for fighting financial crime, integrating data across risk teams to stop fraud and automate AML operations. With over 6 billion profiled devices and 800 million consumers, we maintain a remote-first culture that values performance over hours worked.

$198,238–$233,221/yr
US

  • Own and manage the compliance program including SOC 2 and ISO 27001 readiness and audits.
  • Lead risk assessments, control testing, and enterprise risk management processes.
  • Partner with Engineering, Security, Product, Legal, HR, and Operations to embed compliance into business processes.

Calendly is a scheduling platform used by millions to automate meetings and streamline time management. They are a rapidly growing SaaS company fostering a culture of learning and high performance.

  • Owns product, cloud, engineering, vendor, AI-tooling, and compliance security functions.
  • Builds practical guardrails for AI tools, agents, MCPs, data leakage, and automation.
  • Understands OWASP, IAM, secrets, cloud security, vulnerability management, CI/CD, incident response, and frameworks like SOC 2, ISO 27001, GDPR, or HIPAA.

PlayPower Labs is a company focused on building practical security functions without slowing down teams. The organization values security sharpness, usefulness, and a product-minded approach, with a culture that balances protection and agility.

UK Global

  • Lead and own the ongoing operation and maintenance of Samsara’s vulnerability management program.
  • Collaborate with engineering teams to track and support the remediation of identified vulnerabilities.
  • Champion Samsara’s cultural principles in daily work.

Samsara is the pioneer of the Connected Operations Cloud, enabling organizations to harness IoT data for actionable insights. As a recently public company with a global team, they foster a culture of rapid career development and encourage employees to architect their own careers.

Canada United States

  • Execute the security architecture process for business initiatives, from engagement through to implementation.
  • Support the Information Security Architect across analysis, reviews, and outputs as needed.
  • Act as a point of contact for InfoSec queries and use security tooling to identify and analyze risks.

StackAdapt is a leading technology company that provides an AI-powered marketing platform for programmatic advertising. The company has a diverse, remote-first culture with a supportive workplace.

$100,000–$160,000/yr
US

  • Support the day-to-day security posture of systems across cloud and on-prem environments, including vulnerability management and remediation tracking.
  • Partner with infrastructure, platform, and engineering teams on secure configuration, access control, logging, and incident readiness.
  • Support compliance activities related to GovRAMP, FedRAMP, PCI DSS, and internal reviews using AWS security tooling.

Grant Street Group is a growing company that provides SaaS products for electronic payments, auctions, and tax collection. The company fosters a culture of teamwork, professional excellence, and individual responsibility in a technology-rich remote environment.

$115,000–$145,000/yr

  • Manage security and IT service desk tickets, access controls, and user provisioning.
  • Administer Atlassian cloud products, endpoint protection, and SOC/SIEM alerts.
  • Document processes, support compliance, and maintain security best practices.

Bitwarden is the trusted identity security leader for millions of users worldwide, empowering enterprises, developers, and individuals to securely manage and share sensitive information anywhere. The company is headquartered in Santa Barbara, California, and operates as a fully remote team with a collaborative culture.

Canada Europe Unlimited PTO

  • Support active and upcoming audits including ISO 27001, SOC 2, PCI DSS, and HIPAA by coordinating evidence and working with control owners.
  • Conduct risk assessments, update risk registers, track remediation, and perform third-party risk management reviews.
  • Respond to customer and prospect security/compliance questions and improve repeatable processes and evidence quality.

Upsun is the cloud application platform for hybrid teams, enabling developers to build, ship, and scale confidently without managing backend infrastructure. The company has a remote, global workforce and fosters a multicultural, open, and inclusive culture with a focus on open source and innovation.

GRC Manager

Runway
US

  • Design and implement a comprehensive GRC framework addressing both traditional security controls and novel AI safety considerations.
  • Lead engagements with external auditors to obtain critical security certifications like SOC 2, ISO 27001/27701/42001, and FedRAMP.
  • Partner with AI research teams to develop and implement appropriate safeguards and controls for machine learning systems.

Runway builds AI to simulate the world through merging art and science, focusing on world models for progress in artificial intelligence. Our team consists of creative, open-minded, caring, and ambitious people determined to change the world, striving to continuously build impossible things.

US

  • Monitor security alerts, vulnerabilities, and incidents across enterprise systems and assist in incident response.
  • Maintain compliance with standards such as NIST CSF, ISO 27001, and SOC 2 through audits and policy development.
  • Conduct security risk assessments, evaluate controls, and track remediation plans.

Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, they support data centers, healthcare, and industrial facilities.

$112,700–$180,300/yr
US

  • Lead end-to-end third-party audits, evidence collection, and compliance onboarding for new products and features.
  • Partner with cross-functional teams to design and validate internal controls across SOX, SOC, HIPAA, and PCI frameworks.
  • Drive continuous improvement by standardizing processes, reducing manual effort, and collaborating on automated compliance monitoring.

Jobgether uses AI-powered matching to streamline job applications. They are a company focused on connecting candidates with hiring employers through automated shortlisting, with a transparent and flexible work culture.

US Unlimited PTO

  • Lead the technical work to achieve and maintain compliance certifications (SOC 2, ISO 27001, and the upcoming FedRAMP process)
  • Design and implement security controls across AWS infrastructure, CI/CD pipelines, Kubernetes, and application deployments
  • Build the automation, logging, and evidence collection required for continuous compliance

Zafran's mission is to stop the exploitation of vulnerabilities everywhere, using an Exposure Graph that maps and neutralizes real attack paths. Backed by Menlo Ventures, Sequoia Capital, and Cyberstarts, they are one of the fastest-growing companies in cybersecurity, with a culture of meaningful work and challenging teammates.

$60,000–$60,000/yr
US

  • Provide quality customer service and monitor compliance mailbox for client requests.
  • Prepare written responses to security inquiries and handle due diligence questionnaires.
  • Support audit activities and coordinate with departments on policy development and remediation.

TierPoint provides information security and compliance solutions. The company fosters a collaborative, team-oriented culture with a focus on confidentiality and accuracy.

$135,481–$182,160/yr
US

  • Monitor security events and provide technical analysis on alerts.
  • Lead information security incidents and employee investigations, developing response strategies.
  • Deliver security guidance and coordinate building services to support security operations.

Samsara is the pioneer of the Connected Operations Cloud, helping organizations that depend on physical operations harness IoT data to improve safety, efficiency, and sustainability. As a recently public company with a culture that encourages rapid career development, they support a flexible, employee-led remote model.

$100,000–$165,000/yr
US Unlimited PTO

  • Lead security operations including vulnerability management, incident response, and SIEM platform maturity.
  • Administer Microsoft security tools (Defender, Purview, Entra) and support compliance frameworks like SOC 2 and HITRUST.
  • Drive risk reduction through security awareness, risky user remediation, and cross-functional collaboration.

Sequel develops next-generation drug-delivery advancements, starting with the twiist Automated Insulin Delivery System for diabetes management. It is headquartered in New Hampshire and fosters a culture of hard work, fun, and support.

$73,000–$80,300/yr
Canada Unlimited PTO

  • Partner with engineering teams to design, build, and operate secure-by-default cloud infrastructure across AWS and Google Cloud.
  • Build reusable Terraform modules and policy-as-code guardrails to make secure implementation easier for engineering teams.
  • Operate CSPM/CNAPP tooling and drive remediation of cloud vulnerabilities and misconfigurations.

Fullscript is a health technology company that provides a platform for practitioners to access clinical insights, lab interpretations, and high-quality supplements, serving over 125,000 practitioners and 10 million patients. The company has a remote-first culture, emphasizes work-life balance, and values inclusivity and continuous learning.

$98,000–$98,000/yr
US

  • Deploy and maintain endpoint detection and response agents across Windows, macOS, and Linux, coordinating updates and patches through change control.
  • Configure and optimize AI-assisted detection automations and prevention policies to maximize security platform coverage.
  • Manage vulnerability scanning schedules and asset tagging, partnering with teams to provide remediation data and configuration recommendations.

Dragos is a market leader in ICS/OT cybersecurity, defending industrial organizations that provide essential services. The company is remote-first with operations across North America, Europe, the Middle East, and APAC, and values authenticity, transparency, and trust.