Compliance Analyst at Luminance | Hybrid Hired

About the role

Compliance Analyst managing ISO/IEC 27001 and SOC 2 compliance programmes at Luminance. Collaborating with Security, Procurement, and Legal teams to ensure robust compliance workflows.

Responsibilities

Maintain and operate the ISO/IEC 27001:2022 ISMS.
Support ongoing SOC 2 (Type II) and CMMC Level 1 compliance programmes.
Manage compliance calendars, testing cycles, and control monitoring activities.
Coordinate external audits (ISO surveillance/recertification, SOC 2, CMMC).
Perform periodic control checks and collect, validate, and organise audit evidence.
Track nonconformities, findings, and corrective actions through to closure.
Escalate material control gaps or risks to the Information Security Manager.
Define and operate a proportionate, tiered supplier due diligence model.
Work with Procurement to ensure appropriate questionnaires and documentation are issued and completed.
Perform contextual risk assessments and provide compliance sign-off.
Partner with Legal where contractual or regulatory review is required.
Formalise structured, repeatable compliance workflows that scale with business growth.
Identify opportunities to reduce manual effort through automation or process improvement.
Maintain and evolve the risk register and remediation tracking processes.
Support awareness and training initiatives to improve organisational compliance maturity.

Requirements

Demonstrable experience in information security compliance, IT audit, or Governance, Risk & Compliance (GRC).
Working knowledge of ISO/IEC 27001:2022 and/or SOC 2 Trust Services Criteria.
Experience supporting audits and managing evidence collection.
Strong organisational, documentation, and stakeholder coordination skills.
Ability to interpret regulatory and control requirements and translate them into practical business processes.
Excellent written and verbal communication skills.
**Desirable (but not essential)**
ISO 27001 Internal Auditor certification.
Experience in SaaS or cloud-based environments.
Familiarity with CMMC and NIST SP 800 frameworks.
Working knowledge of risk management frameworks (ISO 31000, NIST RMF, FAIR).
Experience with GRC platforms (e.g., Drata, Vanta, Secureframe).
Exposure to AWS security controls.

Similar roles

Browse all Compliance jobs

1 hour ago

LA

Governance, Risk & Compliance Officer, Data Protection

LightTower Consulting - People & Culture Advisors

Governance, Risk & Compliance Officer focusing on data protection for an international trade company. Developing GRC structures and ensuring compliance with privacy regulations.

Hybrid Role

Frankfurt Germany Compliance

17 hours ago

AS

Consultant II, Compliance

AltaMed Health Services

Compliance Advisor II supporting enterprise - wide compliance operations at AltaMed. Involves audits, training, policy drafting, and compliance queries with healthcare focus.

Hybrid Role

Commerce United States Compliance

$68,640 - $85,508 per year

19 hours ago

RE

Manager, Regulatory Affairs Strategy – Immunology, Inflammation

Regeneron

Manager, Regulatory Affairs coordinating global regulatory submissions for therapeutic development. Collaborating cross - functionally to meet regulatory agency requirements and ensure compliance.

Onsite Role

Tarrytown United States Compliance

$128,600 - $210,000 per year

21 hours ago

MS

Senior Scientist, Regulatory Affairs

MSD

Senior Scientist responsible for developing and maintaining Core Labeling for pharmaceutical products. Collaborating with global teams to ensure compliance with regulatory requirements and quality standards.

Hybrid Role

North Wales United States Compliance

$106,200 - $167,200 per year

yesterday

JJ

Compliance Intern

Johnson & Johnson

Compliance Intern offering forensic analysis support for Johnson & Johnson. Engaging in audits and analytical tasks in a hybrid work environment in New Brunswick, NJ.

Hybrid Role

New Brunswick United States Compliance

$26 - $28 per hour

yesterday

JJ

Director, Global Regulatory

Johnson & Johnson

Director, Global Regulatory Leader responsible for global regulatory strategies in innovative medicine for investigational products. Leading cross - functional teams and ensuring regulatory compliance with health authorities.

Hybrid Role

United States Compliance

$164,000 - $282,900 per year

yesterday

SI

Governance, Risk and Compliance Analyst

Siteimprove

GRC Analyst supporting Siteimprove's security governance, risk, and compliance team. Engaging with customers, managing vendor security reviews, and enhancing security practices.

Hybrid Role

Toronto Canada Compliance

CA$61,891 - CA$77,364 per year

yesterday

AM

Compliance Manager

Air Methods

Compliance Manager overseeing United Rotorcraft’s compliance initiatives with federal standards. Ensuring audit readiness and managing supplier compliance and training programs.

Onsite Role

Englewood United States Compliance

$113,400 - $144,375 per year

yesterday

BG

Regulatory Compliance Projects Manager

Betclic Group

Regulatory Compliance Projects Manager at Betclic ensuring compliance in product development and coordinating regulatory matters across jurisdictions. Leading cross - functional projects in a dynamic environment.

Hybrid Role

Bordeaux France Compliance

2 days ago

TH

Trade Compliance Officer

Thales

Trade Compliance Officer managing US trade compliance operations for Thales' InFlight Entertainment Business Line. Developing and implementing comprehensive trade compliance programs aligned with regulatory requirements.

Hybrid Role

Orlando United States Compliance

$109,016 - $198,352 per year