Home-Based IT Security and Compliance Analyst

It's fun to work in a company where people truly BELIEVE in what they're doing!

We're committed to bringing passion and customer focus to the business.

The Client Services Home-Based IT Security & Compliance Analyst is responsible for managing security, privacy, and compliance requests from customers and prospects while supporting the company’s information security and regulatory compliance programs. This role works closely with IT, Legal, Sales, and Operations teams to ensure audits, due diligence activities, and compliance requirements are completed accurately and efficiently. The position also supports adherence to security frameworks such as ISO 27001, SOC 2 Type 2, and other industry standards relevant to the eCommerce business.

REQUIRED CORE COMPETENCIES 

• Stakeholder Communication – Effectively communicates security, compliance, and risk-related information to customers, auditors, leadership, and non-technical stakeholders.
• Attention to Detail – Maintains accuracy when reviewing security questionnaires, audit evidence, policies, compliance documentation, and regulatory requirements.
• Organization & Time Management – Manages multiple compliance requests, audits, reporting deadlines, and remediation activities while ensuring timely completion.
• Problem-Solving & Critical Thinking – Analyzes security and compliance issues, identifies root causes, assesses risks, and recommends practical solutions.
• Collaboration & Relationship Building – Works closely with IT, Legal, Sales, Operations, and external auditors to drive compliance initiatives and achieve security objectives.

WHAT YOU WILL DO 

Compliance Request Management

• Manage timely handling of annual and ad-hoc customer security questionnaires,
• compliance surveys, and audit requests.
• Review and complete customer-provided documentation, including ISO 27001 and SOC 2
• assessments, security contracts, and privacy inquiries from both prospective and existing
• clients.
• Track and report on compliance request metrics and statuses to leadership.

Security & Technology Monitoring:

• Monitor company websites and web applications for security threats, vulnerabilities, and suspicious activity, using both automated security tools and manual assessments.
• Conduct routine vulnerability scans, penetration tests, and patch level assessments to ensure sites meet internal and external security standards.
• Maintain and regularly update company security and privacy policies to address evolving threats, regulatory requirements, and audit findings.
• Ensure websites and applications are properly patched, configured, and tested to pass ISO 27001, SOC 2 Type 2, and other relevant compliance audits.
• Serve as a point of escalation for emerging web-based security risks and coordinate timely remediation efforts.
• Collaborate with IT and development teams to design and enforce secure release management practices, ensuring vulnerability management is an integral part of the software lifecycle.
• Advise stakeholders regularly on security trends, new risks, and required changes to maintain compliance and business resilience.

Program Administration & Documentation:

• Maintain and update all compliance documentation, such as policies, certifications, control inventories, process narratives, and audit evidence logs
• Ensure information within customer trust portals and knowledge bases is current and  meets regulatory requirements
• Gather, organize, and prepare responses and evidence for internal and external audits
• Lead readiness activities and facilitate annual ISO and SOC reviews with external auditors

Control Monitoring & Reporting

• Coordinate internal control testing, evidence collection, and risk assessments needed to demonstrate ongoing compliance with ISO 27001, SOC 2, and privacy frameworks
• Prepare reports for management and stakeholders summarizing compliance trends, remediation efforts, and open risks

Training, Process Improvement & Regulatory Awareness:

• Plan, develop, and deliver cybersecurity awareness training programs for employees— including mandatory onboarding modules, annual refresher courses, and targeted materials for specific roles and locations.
• Conduct simulated phishing tests and other assessments to measure employee security awareness, using results to identify training gaps and improve program effectiveness.
• Document training participation, results, and ongoing training compliance for audit and regulatory review.
• Prepare reports for management and stakeholders summarizing compliance trends, remediation efforts, open risks, and training status
• Identify and implement continuous improvement opportunities in compliance and security  request handling processes
• Monitor evolving regulatory and industry requirements; recommend and support changes to internal policies and controls

WHAT WE LOOK FOR 

Education: Bachelor’s degree in information security, Computer Science, Business, or relevant discipline, or equivalent work experience.  

Experience: Compliance Experience: Minimum 3 years’ experience in IT security or privacy  compliance, ideally within eCommerce or SaaS; direct experience with ISO 27001, SOC 2, or similar frameworks required

• Security & Regulatory Knowledge: Strong understanding of information security controls, risk management methodologies, and privacy principles
• Document Management: Proven ability to organize and maintain policies, evidence logs, and documentation for audit and customer response purposes
• Analytical & Communication Skills: Excellent attention to detail and written/verbal communication skills; able to translate technical control requirements for non-technical audiences.

Language Proficiency: Strong verbal, written, and English communication skills. 

Working schedule: Ability to work overnight/graveyard shifts in Philippine time or within US operating hours.  

Technical Skills: Experience with GRC, compliance automation, or Jira ticketing platforms is a plus. Problem Solving: Strong analytical skills for diagnosing and resolving technical issues by analyzing system logs, error messages, and performance metrics

Certifications: ISO 27001 Lead Implementer; SOC 2 audit is REQUIRED

WHAT WE OFFER 

• Job Type: Full-time 
• Work Shift: 8:00 AM - 5:00 PM EST/EDT (USA) 
• Workdays: Monday through Friday (USA) 
• Benefits of working with us:  

• Industry-leading salary packages 
• Permanent work-from-home setup 
• Company equipment provided  
• Internet stipends upon regularization 
• HMO Coverage   
• PTO credits and service incentive leaves 
• Major spring and winter company live events 
• Monthly employee appreciation virtual events 
• Company-provided career skills training courses 
• A company culture focused on your personal and professional growth 

WHO WE ARE 

DCX stands out as a leading BPO (Business Process Outsourcing) company that takes pride in assisting growth-focused small and medium-sized businesses across the United States to discover the perfect global talent to enhance their teams. 

At DCX, our core beliefs center around fostering growth and making hiring easy. We are dedicated to helping business owners, executives, and industry leaders, primarily within the promotional products industry, in their search for superstar team members. 

If you are on the lookout for a company that values growth and places a strong emphasis on its people-centered culture, then DCX is the place for you. As we say around here, LET'S GROW! 

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!