Information Security and Compliance Analyst

Information Security and Compliance Analyst at Veracity Insurance Solutions, LLC

At Veracity, we aim to be a different kind of insurance partner – one that is free from outside investors, venture capital, or the pressures of a corporate parent. Ours is a culture of empowerment – one that believes in effort, results, and accountability. We believe that transparency fosters trust, trust fosters growth, and that growth drives innovation. Our commitment to rigorous evaluation and relentless execution leads to rapid evolution. We answer only to the small business owners we serve, and this independence allows us to stay focused on what matters most: helping their businesses thrive by providing expert guidance and best-in-class insurance policies. We’re growing fast and want you to be a part of it!

We’re seeking a highly capable and detail-oriented Information Security and Compliance Analyst to join our team. Reporting to the Technical Operations and Information Security Manager, this remote role plays a critical part in maintaining a strong security and compliance posture by owning day-to-day SOC 2 readiness, supporting audits, and ensuring security policies, controls, and documentation are accurate, current, and audit-ready.

The Information Security and Compliance Analyst will work cross-functionally to maintain compliance with SOC 2, PCI DSS, and related frameworks, proactively identify control gaps, and help ensure the organization remains secure, compliant, and prepared for audits with minimal oversight.

Key Responsibilities

• Own day-to-day execution of the SOC 2 compliance program, including maintaining audit readiness, managing evidence, and supporting successful audit outcomes with minimal supervision
• Implement, maintain, and continuously improve security policies, standards, and controls aligned with SOC 2 Trust Services Criteria and other applicable framework
• Maintain complete, accurate, and audit-ready documentation, including policies, procedures, control narratives, risk assessments, and evidence repositories
• Coordinate and manage audit activities for SOC 2, PCI DSS, and related assessments, including auditor requests, walkthroughs, and follow-up
• Monitor security tooling and system activity to identify, investigate, document, and escalate potential security events or control gaps
• Lead vulnerability management efforts, including executing scans, tracking remediation, validating fixes, and documenting outcomes for audit purposes
• Support incident response activities by coordinating triage, documenting incidents, and ensuring post-incident actions and evidence are properly captured
• Perform and document user access reviews, control testing, and risk assessments to support ongoing compliance and control effectiveness
• Partner with IT, Engineering, and Compliance teams to remediate findings, strengthen controls, and ensure secure system configuration
• Track and report on security and compliance metrics, risks, and remediation status to support leadership visibility and decision-making
• Identify opportunities to strengthen controls, reduce audit friction, and improve the efficiency and maturity of the overall security and compliance program
• Required to perform other duties as requested, directed, or assigned

Requirements and Qualifications

• Bachelor’s degree in Information Systems, Information Technology, Cybersecurity, or a related field
• 2–3 years of hands-on experience in security compliance, governance, risk, or audit-focused roles, with direct SOC 2 audit experience required
• Demonstrated ability to manage audits, evidence collection, and control documentation independently with minimal oversight
• Strong understanding of SOC 2 Trust Services Criteria, audit workflows, and common control requirements
• High integrity, strong attention to detail, and accountability when handling sensitive, regulated, or confidential information
• Proactive, analytical problem-solving skills with the ability to identify control gaps and drive remediation
• Strong written and verbal communication skills, including the ability to work directly with auditors and technical stakeholders
• Proven ability to collaborate effectively with IT, Engineering, and Compliance teams on remediation and security initiatives
• Ability to remain composed, organized, and effective under pressure, particularly during audits or security incidents

Perks

• Health, dental, and vision plans
• Amazing work-life balance with 4 weeks of Paid Time Off
• 10 Paid Company Holidays with 2 floating holidays
• 401K Programs with employer match
• Personal assistance programs for support in a healthy personal and work life

Why Veracity?

Here at Veracity, you’ll be part of a team of trailblazers and visionaries. We’re not just revolutionizing the way people “do” insurance; we are creating a whole new paradigm. Here, you will experience a vibrant and inclusive workplace where your ideas matter! With us, you have a chance to:

• Engage in groundbreaking projects that are reshaping the insurance landscape
• Collaborate with a group of dedicated, like-minded professionals
• Experience a culture that prioritizes growth and development

Compensation

Compensation Range: $85k/yr - $100k/yr

Equal Opportunity Employer

We are proud to be an equal-opportunity employer. We are committed to providing equal opportunities to all qualified applicants, regardless of race, color, religion, sex, national origin, disability, or any other legally protected characteristics. If you need accommodation, please let us know during the interview process.

Key skills/competency

• SOC 2 Compliance
• PCI DSS
• Audit Management
• Vulnerability Management
• Incident Response
• Security Policies
• Risk Assessment
• Control Testing
• Evidence Collection
• Cross-functional Collaboration