CivicPlus, LLC is hiring an Information Security Compliance Analyst to manage our information security compliance posture. You will maintain security documentation, support audits, and ensure consistent implementation of controls across our production systems. In this role, you'll partner with technical and operational stakeholders to align security requirements with regulatory expectations and support risk management activities.
What You'll Do
- Maintain and update information security policies, standards, and procedures in alignment with frameworks like GovRAMP, FedRAMP, ISO 27001, PCI DSS, and SOC 2.
- Maintain System Security Plans (SSPs) to ensure system boundaries and control implementations accurately reflect the current state of production systems.
- Coordinate and manage internal and external compliance assessment activities, including audit planning, evidence collection, and audit response support.
- Manage continuous monitoring activities, including tracking, updating, and reporting Plans of Action and Milestones (POA&Ms).
- Support risk assessments and control gap analyses by identifying security deficiencies and collaborating on remediation approaches.
- Define, track, and report key compliance metrics to measure program effectiveness and communicate posture to leadership.
- Partner closely with engineering, operations, and production teams to ensure security requirements are documented, implemented consistently, and remain audit-ready.
- Develop and maintain audit-ready evidence repositories to support repeatable, efficient compliance assessments.
- Provide guidance to system and control owners on compliance expectations, documentation standards, and implementation requirements.
What We're Looking For
- 3–5 years of experience in information security compliance, cybersecurity assurance, GRC, or a related field.
- Demonstrated experience managing System Security Plans (SSPs) and supporting documentation for enterprise systems.
- Experience supporting compliance audits and certifications, including NIST 800-53 (FedRAMP/GovRAMP), ISO 27001, PCI DSS, and/or SOC 2.
- Strong understanding of modern information security compliance frameworks and control-based security programs.
- Ability to interpret regulatory and compliance requirements and translate them into clear, actionable documentation.
- Strong analytical, writing, and organizational skills with exceptional attention to detail.
- Ability to manage multiple compliance activities concurrently while meeting deadlines and quality expectations.
Nice to Have
- Bachelor’s degree in Cybersecurity, Information Security, Information Systems, or a related field, or equivalent professional experience.
- Security+, GSEC, or equivalent certification preferred.
Benefits & Compensation
- Compensation range: $61,700 - $87,600
- Comprehensive health, dental, and vision insurance
- Flexible Time Off
- 401(k) plan
CivicPlus is proud to be an Equal Employment Opportunity employer. We celebrate and support diversity.





