Department: Security
Reports To: Director of Information Security
Employment Type: Full-Time
Location: Remote (US only)
Preferred Time Zones: Mountain or West Coast
About Sentant
Sentant is a managed service provider delivering IT support, cybersecurity, compliance, infrastructure, and strategic technology services to growing organizations. Our teams work closely together to provide responsive, practical, and security-focused solutions tailored to each client's operational and regulatory requirements.
Position Summary
The Security & Compliance Analyst supports Sentant's internal security operations and client-facing cybersecurity and compliance programs. This position is responsible for helping clients assess risk, implement security controls, maintain compliance documentation, prepare for audits, remediate identified gaps, and improve their overall security posture.
The ideal candidate has experience with cybersecurity fundamentals, governance, risk, and compliance practices, and the ability to translate technical security requirements into clear, actionable recommendations. This is a hands-on role requiring strong documentation, project management, client communication, and cross-functional collaboration skills. You will be supporting multiple client environments and must be comfortable balancing competing priorities, tracking billable work, and meeting established service expectations.
Key Responsibilities
Security & Risk Management
- Support the implementation, monitoring, and improvement of security controls across client and internal environments.
- Conduct security risk assessments, gap assessments, and control reviews, and develop practical remediation recommendations.
- Track remediation items through completion and escalate overdue or high-risk findings.
- Assist with security incident investigations, alert review, and follow-up activities in coordination with engineering and helpdesk teams.
- Support identity and access management reviews (user access, privileged accounts, MFA, account lifecycle) and vendor/third-party risk assessments.
- Help evaluate security configurations across Microsoft 365, Google Workspace, endpoint management, and cloud platforms.
Governance, Risk & Compliance
- Support clients working toward or maintaining compliance with frameworks such as SOC 2, HIPAA, NIST CSF, NIST 800-171, CIS Controls, ISO 27001, PCI DSS, CMMC, and other applicable requirements.
- Conduct readiness assessments and map client policies, procedures, and systems to applicable controls.
- Maintain compliance platforms, control records, evidence libraries, risk registers, and remediation trackers.
- Coordinate with auditors, assessors, and client stakeholders during audit and certification activities, and resolve gaps in audit evidence.
- Support compliance roadmaps and corrective action plans as ongoing programs, not one-time exercises.
Documentation
- Draft, review, and maintain information security policies, standards, procedures, and plans (incident response, business continuity, disaster recovery, acceptable use, access control, etc.), ensuring they reflect the client's actual environment.
- Produce clear technical notes, risk summaries, assessment reports, and executive-level recommendations.
- Maintain detailed records of completed work, decisions, and client communications, and keep documentation on an established review schedule.
Client & Team Collaboration
- Serve as a professional point of contact for assigned client security and compliance matters, participating in reviews, check-ins, and audit-prep sessions.
- Translate technical and regulatory requirements for both technical and nontechnical stakeholders, and help clients prioritize improvements based on risk, cost, and impact.
- Work closely with Security, Helpdesk, Engineering, Customer Success, and Operations teams, escalating significant risks or unresolved issues through established channels.
- Support security awareness training initiatives and the development of Sentant's internal security/compliance service offerings.
Service Delivery
- Maintain accurate ticket notes, task updates, and time records under the correct client, project, and work category.
- Meet established utilization, response-time, and project-delivery expectations, and communicate proactively when deadlines are at risk.
Required Qualifications
- Two or more years of experience in cybersecurity, information security, IT compliance, risk management, IT auditing, or a related field.
- Working knowledge of cybersecurity principles, risk management, access controls, vulnerability management, and incident response.
- Familiarity with one or more recognized security or compliance frameworks (see above).
- Experience drafting or maintaining security policies, risk registers, audit evidence, or compliance documentation.
- Strong written communication skills and the ability to explain security/compliance concepts to technical and nontechnical audiences.
- Strong attention to detail, sound judgment with confidential information, and the ability to manage multiple clients and deadlines simultaneously in a remote environment.
Preferred Qualifications
- Experience at an MSP, MSSP, consulting firm, or other multi-client environment.
- Experience with compliance/GRC platforms (e.g., Vanta), and familiarity with Microsoft 365, Entra ID, Intune, Google Workspace, Jamf, EDR, MDM, and cloud security tools.
- Experience supporting SOC 2, HIPAA, NIST, ISO 27001, PCI DSS, or CMMC readiness and audits.
- Relevant certifications: Security+, CySA+, CISA, or ISO 27001 certification.
Work Environment
This position primarily operates remotely. The employee must maintain a reliable internet connection, work securely with confidential information, attend video meetings, and remain available during assigned working hours. Occasional travel or onsite work may be required for audits, security incidents, or client projects.
Additional Information
This job description describes the general nature and level of work performed and is not an exhaustive list of responsibilities or qualifications. Duties may be modified based on business needs, client requirements, regulatory changes, or the employee's skills and experience.
Sentant is an equal opportunity employer and considers qualified applicants without regard to legally protected characteristics.