About Us:
A global SaaS leader for seamless digital document workflows, Nitro offers a suite of solutions for PDF, eSigning, identity verification and analytics supported by a best-in-class customer success and change management team. With more than 3 million licensed users and 13,000+ business customers across 157 countries, we serve 67% of the Fortune 500.
How We Work:
We aim to create an environment where talented individuals are empowered to excel. How we collaborate, innovate, and engage with one another is important to us. Our work is driven by 5 key principles:
• One team, One mission
Our collective dedication to Nitro's mission defines us. Together, we are building an environment where everyone feels like a valued part of something bigger than themselves.
• Own it
We take full ownership of our actions and decisions. We empower one another to lead with confidence, creativity, and a solutions-focused mindset.
• Accountable to our customers
We are dedicated to our customers and take our commitments seriously. We do what we say we are going to do.
• Excellence in execution
Driven by passion and precision, we exemplify excellence in our delivery with innovative, top-quality results.
• Be bold, fail fast, learn faster
We learn as we grow, dare to try, and bravely question. We are not chasing perfection but forever iterating towards it.
These guiding values shape our approach to work, fostering a culture where everyone is inspired to contribute their best.
The Role:
We are looking for a proactive, detail-oriented, and collaborative Security Analyst with a strong focus on Governance, Risk, and Compliance (GRC) to help evolve and sustain Nitro’s global security and compliance posture.
This key role is central to ensuring Nitro maintains “always-on compliance” - embedding governance and control assurance into daily operations. The successful candidate will help maintain and mature Nitro’s core compliance programs, including ISO 27001, SOC 2, HIPAA, and DORA, while serving as the primary point of contact (POC) for our external compliance vendor.
In addition to managing our compliance frameworks, this role will drive Security oversight across Nitro’s diverse ecosystem of business-critical applications, platforms, and integrations - including systems such as Salesforce, Atlassian, Microsoft 365 and other SaaS and cloud-based services. The analyst will ensure these environments are governed by consistent, effective controls and that security risk is continuously monitored and managed.
You’ll collaborate across Security Operations, IT, Engineering, Legal, Sales, and Customer Success, amongst others, to ensure Nitro’s security practices are robust, transparent, and trusted - both internally and by our customers.
What You Will Be Doing
Governance, Risk, and Compliance
• Play a significant role in Nitro’s compliance programs (ISO 27001, SOC 2, HIPAA, DORA), ensuring a continuous state of readiness and certification maintenance.
• Act as the main point of contact for Nitro’s external compliance vendor, managing communications, audits, evidence requests, and ongoing improvement initiatives.
• Implement and champion Nitro’s “always-on compliance” strategy - embedding compliance automation and continuous control monitoring across our systems.
• Maintain the internal GRC calendar and ensure all compliance activities are completed on schedule.
• Develop, maintain, and refine security policies, procedures, and standards, ensuring alignment with frameworks and practical applicability.
• Report on compliance status, control effectiveness, and risks to management and stakeholders.
Security Oversight Across Nitro’s Applications and Platforms
• Provide security governance and oversight for Nitro’s portfolio of applications, platforms, and integrations - including Salesforce, Atlassian (Jira/Confluence), Microsoft 365, AWS, and other critical SaaS systems.
• Partner with system owners to ensure security configurations, access controls, and audit logs meet Nitro’s standards and compliance requirements.
• Conduct periodic reviews of key systems to verify proper implementation of controls (e.g., MFA enforcement, data retention, access management, logging).
• Ensure consistent risk assessment and control validation across both internally managed and third-party services.
• Collaborate with IT and Engineering teams to remediate control gaps and strengthen system-level governance.
• Develop and maintain an inventory of systems and integrations, tracking ownership, classification, and control coverage.
Customer and Sales Support
• Partner with Sales and Customer Success to respond to security questionnaires, RFPs, and due diligence requests from customers and prospects.
• Maintain and continuously improve Nitro’s Trust and Security documentation, ensuring it reflects our current certifications and controls.
• Support customer security reviews by clearly articulating Nitro’s security and compliance posture.
Risk Management and Continuous Improvement
• Coordinate risk assessments across platforms and business processes; ensure identified risks are tracked and mitigated.
• Manage and evolve Nitro’s vendor risk management program, assessing third-party partners and integrations.
• Identify opportunities to streamline and automate compliance activities through tools, integrations, and data-driven reporting.
• Collaborate closely with Security Operations to align compliance controls with operational monitoring and incident response capabilities.
• Stay current on emerging security and regulatory trends, helping Nitro anticipate and adapt to new requirements.
What You Must Have
• 3–5+ years of experience in Information Security, GRC, or Security Assurance roles.
• Hands-on experience managing compliance frameworks such as ISO 27001, SOC 2, HIPAA, or DORA.
• Proven experience liaising with external auditors or compliance vendors.
• Strong understanding of security governance, risk management, and control frameworks (e.g., ISO, NIST, COBIT).
• Demonstrated experience with SaaS and enterprise platforms (e.g., Salesforce, Atlassian, Microsoft 365, AWS, Azure or similar).
• Excellent communication, coordination, and stakeholder management skills.
• Strong analytical and organizational skills with attention to detail.
• Experience developing or maintaining security policies, control documentation, and audit evidence.
Nice to Have
• Certifications such as CISA, CISM, CISSP, ISO 27001 Lead Implementer/Auditor, or equivalent.
• Familiarity with data protection and privacy regulations (GDPR, CCPA).
• Experience in third-party risk management or vendor assurance programs.
• A mindset for continuous improvement and process automation in compliance operations.
• Prior experience in a SaaS or cloud-first organization with complex integrations.
Why Nitro?
Along with our regular benefits and programs (including health, dental, vision, and retirement as standard), we are also very proud to offer a few additional initiatives to future Nitronauts:
Flex Time Off
Work-life balance is important at Nitro, and we understand that there are events that we cannot plan for. We are proud to offer Flex Time Off to be used for holidays, spending days with your family, or appointments.
Hybrid Work
Our team embraces the hybrid work model, appreciating its blend of flexibility and structure. We combine three days of in-person collaboration at our global offices in Toronto, Dublin, Antwerp, Porto, and Melbourne with the convenience of two days of remote work each week.
Benefits:
Nitro provides all employees with a comprehensive benefits package that includes health insurance, dental and vision coverage, and wellness perks. We also offer pension/401k matching, along with many other country-specific benefits.
Nitro strongly encourages applications from everyone regardless of race, religion, colour, national origin, gender, sexual orientation, age, marital status or disability status. We provide an accessible candidate experience and invite you to request any accommodations or adjustments throughout the interview process and beyond.