This job has closed.

Zonar Systems · 1 month ago

Join Us at , Now Including GPS Trackit! Senior Security Compliance Analyst

United States

Full-time

Remote

Senior Level

5+ years exp

Zonar Systems has been pioneering products and services that make the transportation industry safer, more productive, and more efficient. The Senior Security Compliance Analyst will lead activities to ensure Zonar’s products meet applicable security and regulatory standards, coordinate audits, and manage documentation while collaborating with various teams across the U.S. and LATAM regions.

Fleet ManagementLogisticsSoftwareTransportation

No H1B

Responsibilities

Lead and execute all tasks necessary to achieve and maintain critical security certifications, including SOC2 Type I and Type II and the roadmap towards FedRAMP (20x) compliance

Manage the GRC lifecycle by identifying control gaps, defining necessary security policies and standards, and tracking remediation efforts across engineering teams

Be the primary respondent for all customer and security questionnaires, documentation requests, and due diligence activities

Develop, implement, and maintain security policies, standards, and procedures in collaboration with stakeholders

Monitor regulatory changes and security advisories, recommending and overseeing the implementation of necessary threat and compliance remediations

Conduct risk assessments, document findings, and track remediation activities to closure

Support third-party vendor security reviews, ensuring vendor compliance with security requirements

Monitor changes in regulatory or framework requirements (e.g., SOC, FedRAMP, ISO 27001, NIST 800- 53) and ensure controls remain aligned

Provide expert-level guidance and audit support on Secure Software Development Life Cycle (SSDLC) practices, including DevSecOps, Threat Modeling, and Secure Coding

Identify and document security risks and control deficiencies within Zonar Products, articulating the required fix to engineering teams

Collaborate with Engineering to evaluate and recommend strategic security technologies that support compliance requirements

Review system configurations and vulnerability scan results for compliance alignment

Develop and provide security training and awareness programs specifically targeted at engineers and product teams

Qualification

SaaS security complianceGRC lifecycle managementSOC2FedRAMP auditsSecurity frameworks knowledgeCloud technologies familiaritySecurity training developmentAnalytical skillsSoftware development understandingGRC tools experienceSecurity certificationsBilingual - EnglishSpanishDocumentation skillsCommunication skills

Required

5+ years of progressive experience in Information Security and Governance, Risk, and Compliance (GRC), with at least 3 years supporting SaaS product environments

Strong working knowledge of major security frameworks (e.g., ISO 27001, SOC2, and FedRAMP)

Proven success participating in or leading SOC2 Type I and Type II and/or FedRAMP audit cycles

Exceptional analytical and documentation skills, including the ability to create audit-ready evidence and clear policy materials

Hands-on familiarity with cloud technologies and controls (e.g., AWS, GCP, IAM, KMS, Security Command Center)

Foundational understanding of software development or scripting (Python, Bash, PowerShell) sufficient to collaborate effectively with engineering teams

Bilingual – English and Spanish (fluent/professional working proficiency required)

Strong written and verbal communication skills in both languages to collaborate with U.S. and LATAM teams