Cybersecurity Compliance Analyst
Newfire Global Partners.com
Hybrid
Costa Rica
Full Time
- Department: Internal IT Helpdesk
- Employment Type: Full Time
- Location: Costa Rica
- Reporting To: Chad Howell
Description
Newfire Global Partners is a leading technology firm that specializes in building transformative software solutions for some of the world’s most innovative companies. With a presence across four continents, Newfire Global brings deep expertise in digital healthcare, AI-driven analytics, and enterprise technology. The firm’s track record of delivering scalable, high-impact solutions has made it a trusted partner for organizations seeking to drive meaningful change through technology. We are passionate about the purpose-driven mission to help improve the quality of care for patients and are building a collaborative, innovative, and inclusive culture. We are a fully funded company founded by serial entrepreneurs with a stable client base.
Opportunity for impact
Newfire Global Partners, a leader in developing disruptive healthcare technology, collaborates with Fortune 500 companies and start-ups to drive transformation.
We are looking for a detail-oriented Cybersecurity Compliance Analyst to own and maintain a SOC 2 Type II compliance program. You will serve as the primary administrator of a Vanta instance, ensuring our controls operate effectively and that audit evidence is continuously gathered and accurately documented.
In this role, you will move beyond simple "box-checking" to help build a culture of security. You will work cross-functionally with Engineering, HR, and IT to remediate gaps.
Your Day-To-Day Activities:
- Vanta Administration: Serve as the owner of the Vanta platform. Configure integrations, monitor failing tests, and ensure the platform reflects the organization's real-time security posture.
- Audit Evidence Management: Gather, organize, and review audit evidence for SOC 2 controls. Ensure all evidence is current, accurate, and correctly mapped to the Trust Services Criteria.
- Control Monitoring: Perform daily/weekly reviews of automated compliance monitors in Vanta. Proactively reach out to control owners (e.g., developers, HR) to fix failing controls (e.g., ensuring background checks are completed, laptops are encrypted, or PRs are approved).
- Audit Coordination: Act as liaison with external auditors. Manage evidence requests.
- Vendor Risk Management: Oversee the vendor onboarding process, ensuring third-party security reviews are documented and linked within Vanta.
- Policy Governance: Maintain and update internal security policies and procedures to ensure they align with current business operations and SOC 2 requirements.
- Access Reviews: Facilitate quarterly user access reviews for critical systems (AWS, GitHub, IDP) to ensure least-privilege access.
You’re a Perfect Match If You Have:
- Experience: 2–4 years of experience in IT compliance, internal audit, or risk management.
- SOC 2 Expertise: Strong working knowledge of SOC 2 Trust Services Criteria (Security, Availability, Confidentiality).
- Vanta Proficiency: Hands-on experience using Vanta (or similar tools like Drata/Secureframe) to automate compliance.
- Technical Literacy: Ability to understand technical evidence (e.g., cloud infrastructure settings, SDLC workflows, encryption standards) and communicate effectively with engineering teams.
- Communication: Strong written and verbal communication skills; ability to chase down evidence from busy stakeholders.
- Experience with ISO 27001, HITRUST, HIPAA, or GDPR.
- Relevant certifications (CISA, CRISC, or CISSP).
- Experience in a B2B SaaS environment.
