About the role
As an Information Security and Compliance Engineer, you will play a critical role in safeguarding PureFacts’ infrastructure, applications, and data. You will be responsible for implementing and maintaining security controls, supporting compliance initiatives (e.g., SOC 1, SOC 2, ISO 27001), and collaborating with cross-functional teams to ensure the security, privacy, confidentiality, integrity, and availability of our systems.
What you'll do
Implement and maintain security controls aligned with the SOC framework, ISO 27001, CIS Benchmarks and other security best practices.
Support the execution of the annual SOC 1 and SOC 2 audits, including evidence collection, control testing, and remediation tracking.
Conduct ongoing vulnerability assessments and coordinate remediation efforts with DevOps and infrastructure teams.
Coordinate penetration tests on our web applications with an independent security specialist.
Monitor and manage external attack surfaces and consult internal teams to reduce exposure.
Maintain static code analysis and application security scanning as part of our SDLC (Software Development Life Cycle) pipelines.
Collaborate with IT leadership to define and enforce access control policies, including least privilege and role-based access.
Participate in incident response and root cause analysis, ensuring timely resolution and documentation of security events.
Contribute to the development and delivery of security awareness training programs for employees and contractors.
Maintain documentation for security policies, procedures, and compliance reports.
Qualifications
Bachelor’s degree in Computer Science, Information Security, or a related field.
3+ years of experience in information security, compliance, or IT risk management.
Strong understanding of cloud security (preferably Microsoft Azure), network security, and endpoint protection.
Familiarity with compliance frameworks such as SOC 1/2, ISO 27001, and GDPR.
Experience with security tools, vulnerability scanners, and SIEM platforms.
Excellent communication and documentation skills.
Industry certifications (e.g., CISSP, CISM, CEH, ISO 27001 Lead Implementer) are a plus.
What We Offer:
A great team!
Lots of growth opportunities
Flexible work environment, where you have the option to work from home or the office
Competitive compensation
Wellness programs & great employer benefits (includes dental + vision + massage, etc.!)
Meal allowance
Did we mention a great team?!