Play a significant role in Nitro’s compliance programs (ISO 27001, SOC 2, HIPAA, DORA), ensuring a continuous state of readiness and certification maintenance.
Act as the main point of contact for Nitro’s external compliance vendor, managing communications, audits, evidence requests, and ongoing improvement initiatives.
Implement and champion Nitro’s “always-on compliance” strategy, embedding compliance automation and continuous control monitoring across our systems.
Maintain the internal GRC calendar and ensure all compliance activities are completed on schedule.
Develop, maintain, and refine security policies, procedures, and standards, ensuring alignment with frameworks and practical applicability.
Report on compliance status, control effectiveness, and risks to management and stakeholders.
Provide security governance and oversight for Nitro’s portfolio of applications, platforms, and integrations, including Salesforce, Atlassian (Jira/Confluence), Microsoft 365, AWS, and other critical SaaS systems.
Partner with system owners to ensure security configurations, access controls, and audit logs meet Nitro’s standards and compliance requirements.
Conduct periodic reviews of key systems to verify proper implementation of controls (e.g., MFA enforcement, data retention, access management, logging).
Ensure consistent risk assessment and control validation across both internally managed and third-party services.
Collaborate with IT and Engineering teams to remediate control gaps and strengthen system-level governance.
Develop and maintain an inventory of systems and integrations, tracking ownership, classification, and control coverage.
Partner with Sales and Customer Success to respond to security questionnaires, RFPs, and due diligence requests from customers and prospects.
Maintain and continuously improve Nitro’s Trust and Security documentation, ensuring it reflects our current certifications and controls.
Support customer security reviews by clearly articulating Nitro’s security and compliance posture.
Coordinate risk assessments across platforms and business processes; ensure identified risks are tracked and mitigated.
Manage and evolve Nitro’s vendor risk management program, assessing third-party partners and integrations.
Identify opportunities to streamline and automate compliance activities through tools, integrations, and data-driven reporting.
Collaborate closely with Security Operations to align compliance controls with operational monitoring and incident response capabilities.
Stay current on emerging security and regulatory trends, helping Nitro anticipate and adapt to new requirements.
Requirements
3–5+ years of experience in Information Security, GRC, or Security Assurance roles.
Hands-on experience managing compliance frameworks such as ISO 27001, SOC 2, HIPAA, or DORA.
Proven experience liaising with external auditors or compliance vendors.
Strong understanding of security governance, risk management, and control frameworks (e.g., ISO, NIST, COBIT).
Demonstrated experience with SaaS and enterprise platforms (e.g., Salesforce, Atlassian, Microsoft 365, AWS, Azure or similar).
Excellent communication, coordination, and stakeholder management skills.
Strong analytical and organizational skills with attention to detail.
Experience developing or maintaining security policies, control documentation, and audit evidence.