ePromos Promotional Products
IT Security and Compliance Analyst
ePromos Promotional ProductsUnited States1 day ago
Full-timeRemote FriendlyInformation Technology
About EPromos

ePromos Promotional Products, LLC, has been a leading industry distributor in the promotional space for over 20 years! Our award-winning website combined with our sales strategy, service capabilities and enterprise level solutions consistently set us apart.

As a remote-first company, ePromos embraces flexibility, collaboration, and continuous improvement. Our team is composed of passionate professionals who thrive in a fast-paced, performance-driven culture where ideas are valued and innovation is encouraged. Our values are strong with a deep-rooted emphasis on giving back as part of our ePromos Cares mission.

At ePromos, we don’t just sell products—we help build brands. Join us and be part of a company that’s redefining the promotional marketing space through strategic thinking, bold creativity, and a people-first approach.

BASIC FUNCTION SUMMARY:

The IT Security & Compliance Analyst is responsible for managing, coordinating, and responding to annual and day-to-day IT security and privacy compliance requests from customers and prospects. This role is critical for maintaining the company’s reputation for robust information security, fulfilling due diligence efforts, and supporting regulatory compliance programs, including ISO 27001, SOC 2 Type 2, and other frameworks that impact the eCommerce business. The analyst will collaborate closely with IT, Legal, Sales, and Operations teams to ensure customer requests and audits are addressed accurately, efficiently, and in alignment with internal policies and industry best practices

ESSENTIAL FUNCTIONS: Duties, Skills, Responsibilities, and Expectations

Compliance Request Management

  • Manage timely handling of annual and ad-hoc customer security questionnaires, compliance surveys, and audit requests
  • Review and complete customer-provided documentation, including ISO 27001 and SOC 2 assessments, security contracts, and privacy inquiries from both prospective and existing clients
  • Track and report on compliance request metrics and statuses to leadership

Security & Technology Monitoring:

  • Monitor company websites and web applications for security threats, vulnerabilities, and suspicious activity, using both automated security tools and manual assessments
  • Conduct routine vulnerability scans, penetration tests, and patch level assessments to ensure sites meet internal and external security standards
  • Maintain and regularly update company security and privacy policies to address evolving threats, regulatory requirements, and audit findings
  • Ensure websites and applications are properly patched, configured, and tested to pass ISO 27001, SOC 2 Type 2, and other relevant compliance audits
  • Serve as a point of escalation for emerging web-based security risks and coordinate timely remediation efforts
  • Collaborate with IT and development teams to design and enforce secure release management practices, ensuring vulnerability management is an integral part of the software lifecycle
  • Advise stakeholders regularly on security trends, new risks, and required changes to maintain compliance and business resilience

Program Administration & Documentation:

  • Maintain and update all compliance documentation, such as policies, certifications, control inventories, process narratives, and audit evidence logs
  • Ensure information within customer trust portals and knowledge bases is current and meets regulatory requirements
  • Gather, organize, and prepare responses and evidence for internal and external audits
  • Lead readiness activities and facilitate annual ISO and SOC reviews with external auditors

Control Monitoring & Reporting

  • Coordinate internal control testing, evidence collection, and risk assessments needed to demonstrate ongoing compliance with ISO 27001, SOC 2, and privacy frameworks
  • Prepare reports for management and stakeholders summarizing compliance trends, remediation efforts, and open risks

Training, Process Improvement & Regulatory Awareness:

  • Plan, develop, and deliver cybersecurity awareness training programs for employees—including mandatory onboarding modules, annual refresher courses, and targeted materials for specific roles and locations
  • Conduct simulated phishing tests and other assessments to measure employee security awareness, using results to identify training gaps and improve program effectiveness
  • Document training participation, results, and ongoing training compliance for audit and regulatory review
  • Prepare reports for management and stakeholders summarizing compliance trends, remediation efforts, open risks, and training status
  • Identify and implement continuous improvement opportunities in compliance and security request handling processes
  • Monitor evolving regulatory and industry requirements; recommend and support changes to internal policies and controls

MINIMUM REQUIREMENTS:

  • Compliance Experience: Minimum 3 years’ experience in IT security or privacy compliance, ideally within eCommerce or SaaS; direct experience with ISO 27001, SOC 2, or similar frameworks required
  • Security & Regulatory Knowledge: Strong understanding of information security controls, risk management methodologies, and privacy principles
  • Document Management: Proven ability to organize and maintain policies, evidence logs, and documentation for audit and customer response purposes
  • Analytical & Communication Skills: Excellent attention to detail and written/verbal communication skills; able to translate technical control requirements for non-technical audiences
  • Tool & Platform Familiarity: Experience with GRC, compliance automation, or Jira ticketing platforms is a plus
  • Problem Solving: Strong analytical skills for diagnosing and resolving technical issues by analyzing system logs, error messages, and performance metrics
  • Education: Bachelor’s degree in information security, Computer Science, Business, or relevant discipline, or equivalent work experience
  • Certifications: ISO 27001 Lead Implementer, SOC 2, CISA, CISSP, or similar certifications beneficial but not required

WORKING CONDITIONS

  • The position is fully remote (US only)
  • Ability to accommodate multiple time zones, with primary ET (EST/EDT) coverage
  • Dedicated workspace and high-speed internet required
  • Frequent video conference/email/chat communication

PHYSICAL DEMANDS

  • Maintaining a stationary position for up to 50% of the workday
  • Consistently operate a computer and other productivity equipment
  • Clarity of vision of 30” or less
  • Ability to perceive sound for oral communication
  • Exertion of up to 10 lbs. for lifting or moving objects

Compensation for this role will vary based on factors such as qualifications, experience, skill level, and competencies. The Company will meet minimum wage or the minimum of the pay range (whichever is higher) based on city, county, and state requirements.

We are an Equal Opportunity Employer!

We are committed to creating a diverse workplace environment and are proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status1.

We do not accept resume submissions from third party recruiters.

Powered by JazzHR

vYoGeMlEMJ

Key Skills

Ranked by relevance
Apply