Information Security and Compliance Analyst

At Veracity, we aim to be a different kind of insurance partner – one that is free from outside investors, venture capital, or the pressures of a corporate parent. Ours is a culture of empowerment – one that believes in effort, results, and accountability. We believe that transparency fosters trust, trust fosters growth, and that growth drives innovation. Our commitment to rigorous evaluation and relentless execution lead to rapid evolution. We answer only to the small business owners we serve, and this independence allows us to stay focused on what matters most: helping their businesses thrive by providing expert guidance and best-in-class insurance policies. We’re growing fast and want you to be a part of it! We’re seeking a highly capable and detail-oriented Information Security and Compliance Analyst to join our team. Reporting to the Technical Operations and Information Security Manager, this role plays a critical part in maintaining a strong security and compliance posture by owning day-to-day SOC 2 readiness, supporting audits, and ensuring security policies, controls, and documentation are accurate, current, and audit-ready. The Information Security and Compliance Analyst will work cross-functionally to maintain compliance with SOC 2, PCI DSS, and related frameworks, proactively identify control gaps, and help ensure the organization remains secure, compliant, and prepared for audits with minimal oversight. Key Responsibilities • Own day-to-day execution of the SOC 2 compliance program, including maintaining audit readiness, managing evidence, and supporting successful audit outcomes with minimal supervision • Implement, maintain, and continuously improve security policies, standards, and controls aligned with SOC 2 Trust Services Criteria and other applicable framework • Maintain complete, accurate, and audit-ready documentation, including policies, procedures, control narratives, risk assessments, and evidence repositorie • Coordinate and manage audit activities for SOC 2, PCI DSS, and related assessments, including auditor requests, walkthroughs, and follow-up • Monitor security tooling and system activity to identify, investigate, document, and escalate potential security events or control gap • Lead vulnerability management efforts, including executing scans, tracking remediation, validating fixes, and documenting outcomes for audit purpose • Support incident response activities by coordinating triage, documenting incidents, and ensuring post-incident actions and evidence are properly capture • Perform and document user access reviews, control testing, and risk assessments to support ongoing compliance and control effectivenes • Partner with IT, Engineering, and Compliance teams to remediate findings, strengthen controls, and ensure secure system configuration • Track and report on security and compliance metrics, risks, and remediation status to support leadership visibility and decision-makin • Identify opportunities to strengthen controls, reduce audit friction, and improve the efficiency and maturity of the overall security and compliance progra • Required to perform other duties as requested, directed, or assigned Requirements and Qualifications • Bachelor’s degree in Information Systems, Information Technology, Cybersecurity, or a related fiel • 2–3 years of hands-on experience in security compliance, governance, risk, or audit-focused roles, with direct SOC 2 audit experience require • Demonstrated ability to manage audits, evidence collection, and control documentation independently with minimal oversigh • Strong understanding of SOC 2 Trust Services Criteria, audit workflows, and common control requirement • High integrity, strong attention to detail, and accountability when handling sensitive, regulated, or confidential informatio • Proactive, analytical problem-solving skills with the ability to identify control gaps and drive remediatio • Strong written and verbal communication skills, including the ability to work directly with auditors and technical stakeholder • Proven ability to collaborate effectively with IT, Engineering, and Compliance teams on remediation and security initiative • Ability to remain composed, organized, and effective under pressure, particularly during audits or security incidents Perks • Health, dental, and vision plans • Amazing work-life balance with 4 weeks of Paid Time Off • 10 Paid Company Holidays with 2 floating holidays • 401K Programs with employer match • Personal assistance programs for support in a healthy personal and work life Why Veracity? Here at Veracity, you’ll be part of a team of trailblazers and visionaries. We’re not just revolutionizing the way people “do” insurance; we are creating a whole new paradigm. Here, you will experience a vibrant and inclusive workplace where your ideas matter! With us, you have a chance to: • Engage in groundbreaking projects that are reshaping the insurance landscape • Collaborate with a group of dedicated, like-minded professionals • Experience a culture that prioritizes growth and development Compensation Range: $85k/yr - $100k/yr We are proud to be an equal-opportunity employer. We are committed to providing equal opportunities to all qualified applicants, regardless of race, color, religion, sex, national origin, disability, or any other legally protected characteristics. If you need accommodation, please let us know during the interview process. Apply tot his job