Company hidden
2 hours ago

Security Compliance Analyst

78 000 - 97 000 CAD
Work format: hybrid
Employment type: fulltime
Grade: senior
English: b2
Country: Canada
Vacancy from Hirify Global, a list of international tech companies

Job description

TL;DR

Security Compliance Analyst (SaaS): Ensuring hirify.global's systems and processes align with global audit standards and internal security policies, with an emphasis on SOC2 Type II and PCI-DSS audits, recurring controls, and policy lifecycle management. Focus on coordinating the security roadmap, managing project lifecycles, and conducting risk assessments in a cloud-native SaaS environment.

Location: Hybrid in Toronto, Canada. This role requires legal authorization to work in Canada.

Salary: CA$78,000–CA$97,000 annual compensation, which may include participation in incentive programs. Additionally, this position offers an equity grant and immediate enrollment in comprehensive benefits.

Company

hirify.global is a leading platform providing an all-in-one financial toolkit that automates invoicing, expenses, payments, and payroll, supporting small business owners.

What you will do

  • Coordinate the Cybersecurity team’s strategic roadmap, tracking and reporting on project activities.
  • Manage security initiative project lifecycles, identifying bottlenecks and dependencies.
  • Drive SOC2 Type II and PCI-DSS audits, ensuring security controls are met and evidence is gathered accurately.
  • Oversee recurring compliance controls like company-wide training and access certifications using automated systems.
  • Conduct comprehensive security reviews on third-party vendors and service providers.
  • Lead the annual review and update of Information Security policies and playbooks.

Requirements

  • 3+ years of experience in IT Audit, GRC, or Information Security Compliance, specifically within a cloud-native or SaaS environment.
  • Deep, practical understanding of SOC2 Type II and PCI-DSS audit standards.
  • Proven ability to manage complex project streams and track roadmaps using tools like Jira and Confluence.
  • Experience with compliance automation platforms (like Drata) and visibility into SOC/EDR tools (like Arctic Wolf or Crowdstrike).
  • Exceptional organizational skills to manage multiple competing priorities and complex recurring schedules.
  • Ability to work with minimal direction, proactively identifying tasks and establishing systems.

Nice to have

  • Professional Certifications: Possession of a CISA, CRISC, CAPM, or PMP designation.
  • Track record of using automation tools to streamline recurring compliance workflows.
  • Familiarity with global privacy regulations such as GDPR or CCPA.

Culture & Benefits

  • Comprehensive health and wellness benefits including flexible vacation, retirement savings program, stock options, parental leave, and annual healthy living credit.
  • Perks such as a Peer Recognition Program, an Employee Assistance Program, and headphone credit.
  • Office spaces in Toronto, Amsterdam, and San Luis Potosi; home office credit for remote employees without office access.
  • Supportive peer group, mentors, and leaders fostering a strong sense of belonging and collective impact.
  • Comprehensive company onboarding, career development through continuous coaching, training, and learning on the job.

Be careful: if an employer asks you to log in to their system using iCloud/Google, send a code/password, or run code/software, do not do it - these are scammers. Be sure to click "Report" or write to support.

The vacancy text is reproduced without changes
