Senior Security Compliance Analyst

This is a remote position and must be based in Colombia For nearly two decades, Zonar Systems has been pioneering products and services that make the transportation industry safer, more productive, and more efficient. The Senior Security Compliance Analyst is a key member of the Zonar Security and Compliance team, responsible for leading activities that ensure Zonar’s products and supporting infrastructure meet applicable security and regulatory standards—including SOC 2, FedRAMP, and related customer and internal compliance requirements. This position provides both leadership and hands‑on execution within Zonar’s governance, risk, and compliance (GRC) program. The analyst will coordinate audits, manage evidence and control documentation, drive remediation activities, and work closely with Product Engineering, IT Security, and Corporate Operations teams across the U.S. and LATAM regions. The ideal candidate has direct experience in SaaS security compliance and is comfortable working cross‑functionally with both technical and non‑technical stakeholders. Key Responsibilities and Duties Security Governance and Framework Management (70% Focus) Lead and execute all tasks necessary to achieve and maintain critical security certifications, including SOC2 Type I and Type II and the roadmap towards FedRAMP (20x) compliance. Manage the GRC lifecycle by identifying control gaps, defining necessary security policies and standards, and tracking remediation efforts across engineering teams. Be the primary respondent for all customer and security questionnaires, documentation requests, and due diligence activities. Develop, implement, and maintain security policies, standards, and procedures in collaboration with stakeholders. Monitor regulatory changes and security advisories, recommending and overseeing the implementation of necessary threat and compliance remediations. Conduct risk assessments, document findings, and track remediation activities to closure. Support third‑party vendor security reviews, ensuring vendor compliance with security requirements. Monitor changes in regulatory or framework requirements (e.g., SOC, FedRAMP, ISO 27001, NIST 800-53) and ensure controls remain aligned. Technical Process Oversight (30% Focus) Provide expert‑level guidance and audit support on Secure Software Development Life Cycle (SSDLC) practices, including DevSecOps, Threat Modeling, and Secure Coding. Identify and document security risks and control deficiencies within Zonar Products, articulating the required fix to engineering teams. Collaborate with Engineering to evaluate and recommend strategic security technologies that support compliance requirements. Review system configurations and vulnerability scan results for compliance alignment. Develop and provide security training and awareness programs specifically targeted at engineers and product teams. Knowledge, Skills, and Abilities 5+ years of progressive experience in Information Security and Governance, Risk, and Compliance (GRC), with at least 3 years supporting SaaS product environments. Strong working knowledge of major security frameworks (e.g., ISO 27001, SOC2, and FedRAMP). Proven success participating in or leading SOC2 Type I and Type II and/or FedRAMP audit cycles. • Exceptional analytical and documentation skills, including the ability to create audit‑ready evidence and clear policy materials. Hands‑on familiarity with cloud technologies and controls (e.g., AWS, GCP, IAM, KMS, Security Command Center). Foundational understanding of software development or scripting (Python, Bash, PowerShell) sufficient to collaborate effectively with engineering teams. Bilingual – English and Spanish (fluent/professional working proficiency required). Strong written and verbal communication skills in both languages to collaborate with U.S. and LATAM teams. Preferred Qualifications: Experience using GRC and audit management tools (e.g., Drata, Vanta, Jira, Confluence). • Prior involvement in customer‑facing security assurance or sales support activities. Security certifications (CISA, CISSP, CCSK, or similar) a plus #J-18808-Ljbffr