geo1010geodi
Sr IT Analyst - Security
Job description
Senior IT Analyst - Security
The Senior IT Analyst - Security is a key member of the Information Security team, responsible for maintaining and advancing the organization's compliance posture across a broad portfolio of regulatory frameworks. Reporting to the Head of Security, this role leads audit readiness and evidence management for SOC 1, SOC 2, and HIPAA engagements; operationalizes controls aligned to ISO 27001 and NIST frameworks; and serves as the internal subject-matter expert for data protection regulations across North and South America. Requires a practitioner who can translate technical security controls into audit-ready artifacts and communicate risk clearly to both technical teams and executive stakeholders. Drives security governance, compliance, and risk management initiatives.
Who We Are
GEODIS specializes in unlocking business value in a complex world, ensuring seamless movement of goods worldwide. As a global third-party logistics provider (3PL), we power A Better Way to Deliver for the world's top brands and manufacturers. Fuel your career with GEODIS and discover endless growth opportunities.
Your role on the team
- IT Compliance & Audit Management
- Direct the planning, execution, and successful completion of annual SOC 1 Type 2 (SSAE 18 /AT-C 320) and SOC 2 Type 2 audits, including audit scoping, control readiness assessments, evidence management, stakeholder coordination, and primary engagement with external auditors.
- Lead company HIPAA Security Rule compliance initiatives by overseeing risk assessments, risk mitigation strategies, and the design, implementation, and documentation of administrative, physical, and technical safeguards to ensure ongoing regulatory compliance and operational effectiveness.
- Provide guidance to control owners regarding compliance obligations, documentation expectations, evidence collection, remediation activities, and audit readiness.
- Coordinate cross-functional teams (IT, Engineering, HR, Legal) to gather and validate audit evidence in a timely manner.
- Manage findings and observations through to closure, including root-cause analysis, remediation planning, and evidence of corrective action.\
- Develop and maintain compliance metrics, dashboards, and reporting to support visibility into governance and compliance activities.
- ISO 27001 & NIST Control Framework
- Serve as a trusted internal subject-matter expert (SME) for the ISO 27001 Information Security Management System (ISMS), providing strategic guidance on governance, policy development, risk management, control implementation, and management review processes.
- Lead the alignment and mapping of organizational security policies, standards, and procedures to ISO 27001 Annex A controls, ensuring continued compliance and proactive adaptation to evolving regulatory and industry requirements.
- Apply the NIST Cybersecurity Framework (CSF) and NIST SP 800-53 control catalog to evaluate the design and operating effectiveness of security controls, identify compliance gaps, and strengthen the organization's cybersecurity posture.
- Plan and execute periodic control assessments, internal audits, and maturity evaluations against ISO 27001 and NIST control frameworks, documenting findings, assessing risk impacts, and delivering prioritized remediation roadmaps to stakeholders.
- Partner with business, technology, and compliance teams to drive corrective action plans, monitor remediation efforts, and validate control improvements through ongoing governance and assurance activities.
- Support external audits, customer due diligence reviews, and third-party security assessments by providing control documentation, evidence packages, and framework mappings that demonstrate compliance with ISO 27001 and NIST requirements.
- Maintain awareness of emerging cybersecurity standards, regulatory developments, and industry best practices to continuously enhance the organization's security governance and control environment.
- Data Protection & Privacy Compliance - Americas
- Monitor, interpret, and implement data protection and privacy requirements across the Americas, including U.S. state privacy laws (CCPA/CPRA, VCDPA, CPA, TDPSA), GLBA, COPPA, Canada's PIPEDA and provincial privacy laws, Brazil's LGPD, Mexico's LFPDPPP, Argentina's Ley 25.326, Colombia's Ley 1581, Chile's Ley 19.628, and emerging regulatory frameworks.
- Maintain a privacy regulatory register documenting applicability, key compliance obligations, implementation status, and regulatory developments across relevant jurisdictions.
- Partner with Legal, Product, Engineering, and Security teams to conduct Data Protection Impact Assessments (DPIAs), privacy risk assessments, data mapping exercises, and Records of Processing Activities (RoPAs), ensuring privacy-by-design principles are embedded in business processes and technology solutions.
- Advise stakeholders on cross-border data transfers, data residency requirements, third-party processing arrangements, and jurisdiction-specific privacy obligations.
- Develop, maintain, and enhance privacy policies, standards, procedures, and governance controls to support regulatory compliance and organizational risk management.
- Support regulatory inquiries, customer assessments, and compliance audits by providing privacy documentation, evidence, and control artifacts.
- Deliver privacy awareness training and guidance to promote compliance, accountability, and responsible data handling practices across the organization.
- Policy, Risk & General Security Operations
- Develop, maintain, and periodically review information security policies, standards, and procedures to ensure alignment with ISO 27001, regulatory requirements, and industry best practices.
- Support enterprise risk management activities by conducting security risk assessments and evaluating threats, vulnerabilities, and control effectiveness using established methodologies such as NIST RMF and FAIR.
- Perform third-party risk assessments, including security questionnaire reviews, due diligence evaluations, and vendor risk analysis to support procurement and ongoing oversight activities.
- Participate in security incident response and post-incident review activities, documenting lessons learned and recommending control improvements to reduce future risk
- Monitor emerging cybersecurity threats, regulatory developments, and industry trends, providing timely analysis and actionable recommendations to leadership and key stakeholders.
- As required and assigned
- Supports GEODIS' programs for Safety, Health, Environment, Quality , Ethics, Compliance, CSR and Sustainability
What you need: (requirements)
- Bachelor's degree in Information Security, Computer Science, Information Systems, or a closely related field. Equivalent combination of education and directly relevant experience will be considered.
- Minimum 6 years of progressive experience in information security, IT audit, or IT compliance roles.
- Demonstrated hands-on experience managing SOC 1 and/or SOC 2 audit engagements as an auditee-side lead.
- Direct experience with HIPAA Security Rule compliance programs, including risk analysis and safeguard documentation.
- Practical working knowledge of ISO 27001 control domains and NIST SP 800-53 or CSF control families.
- Familiarity with data protection regulations in two or more Americas jurisdictions (e.g., CCPA/CPRA, LGPD, PIPEDA).
- Experience writing and maintaining information security policies, standards, and procedures.
- Proficiency with GRC platforms (e.g., OneTrust, Vanta, Drata, ServiceNow GRC, or equivalent).
- Certifications - One or More Required
- Certified Information Systems Security Professional (CISSP) - ISC²
- Certified Information Systems Auditor (CISA) - ISACA
- Certified Information Security Manager (CISM) - ISACA
- ISO 27001 Lead Auditor or Lead Implementer
- Certified in Risk and Information Systems Control (CRISC) - ISACA
- Preferred Qualifications
- Experience with SaaS or cloud-native environments (AWS, Azure, GCP) and relevant compliance considerations (e.g., shared responsibility model, cloud security controls).
- Familiarity with SOC 2 criteria extensions (Availability, Confidentiality, Processing Integrity, Privacy) beyond Security.
- Working knowledge of LGPD or other South American data protection frameworks in an operational compliance capacity.
- Experience supporting customer security reviews, RFP security questionnaires, or enterprise sales security due diligence.
- Familiarity with vulnerability management programs and how vulnerability data feeds compliance risk registers.
- Spanish or Portuguese language proficiency is a plus given regional privacy compliance responsibilities.
- Strong written and verbal communication skills, with the ability to translate complex regulatory, risk, and technical security concepts into clear, actionable guidance for diverse, non-technical stakeholders.
- Highly organized with strong attention to detail and the ability to manage multiple concurrent audits, assessments, and compliance initiatives within tight deadlines.
- Analytical and risk-focused mindset with demonstrated ability to identify control gaps, assess impact, and develop pragmatic, risk-based remediation strategies.
- Proven ability to collaborate effectively across cross-functional teams, including Engineering, Legal, HR, Finance, and Business stakeholders, to drive compliance and risk reduction outcomes.
- High level of professional integrity, judgment, and discretion in handling confidential, regulated, and sensitive information.
What you gain from joining our team
- Free telemedical access to doctors and therapists through First Stop Health is available on the first day of employment!
- Access wages early with the Rain financial wellness app
- Health, dental, and vision insurance after 30 days of employment
- 401k match
- Paid maternity and parental leave
- Access to career development, employee resource groups, and mentorship programs
- Employee discounts
- Access to employee perks like fitness class discounts and free access to a relaxation and meditation app
- Free financial wellness programs
- Daycare discount program
- Opportunities to volunteer and give back to your community.
- + more!
Join our Team!
- Visit our website at workatGEODIS.com and chat with our virtual recruiter, Sophie, to fast-track your way to an interview.
OR
Text DELIVER to 88300 to Apply!


