back to careers

Information Security Risk Compliance Analyst

Raleigh, North Carolina

As an Information Security Risk Compliance Analyst, you will be working on the Security team and reporting directly to the CISO. You will contribute to supporting and maintaining the information security program to ensure that information assets and associated information systems are adequately protected in the digital ecosystem. This role supports all day-to-day operations, functions and capabilities relating to technology risk and compliance. The role supports the Information Security compliance program and is responsible for operating the technology risk management processes, maintaining the technology related Information Security policies, and completing risk assessments of technology related initiatives. We are looking for someone that is passionate about Security, quality, and knowledge sharing within a team environment. 


  • Work with the CISO to establish, implement, maintain and continually improve an information security management system and obtain ISO 27k certification
  • Assessing and providing analysis on periodic audits and security compliance reviews (e.g. SOC I,II, ISO 27001/2, GDPR, NIST 800-53)
  • Security analysis and configuration in an AWS and data center environment
  • Developing monitoring procedures and automation of internal security controls and performing periodic testing to validate effectiveness
  • Create polices to fill in gaps in risks and implement monitoring procedures to ensure policy compliance
  • Documenting compliance findings and risks, as well as championing recommendations for remediation
  • Assisting in building and maintaining technology and security controls
  • Assisting in the development of incident response procedures
  • Consulting internal stakeholders regarding Security, Compliance and Control requirements
  • Working with external auditors to assist in the completion of annual compliance audits for ISO27k/SOCI/II


  • BS Degree in Management Information Systems, Computer Science or a technology related field is strongly preferred
  • 5+ years’ experience in information security and testing of internal controls eg. SOC, ISO27001/2 NIST 800-53
  • Must have experience in ISO27001 implementation and certification
  • Experience in AWS and data center security practices
  • Knowledge or strong interest in infrastructure security, operations security, information technology controls and tools
  • Experience with GRC and controls baselines
  • Project management and organizational skills
  • Strong technical, analytic, and communication skills (both written and verbal). Attention to detail and nuance, with a working familiarity with compliance practices and tools
  • CISA, CISM, CISSP or other certifications strongly preferred.

About Nucleaus™

Nucleaus, directly and through its group subsidiaries, is a leading application security platform. Founded by previous operators of fortune 500 companies, Nucleaus™ has disrupted the multi-billion dollar Application Security market with innovative technology that simple, approachable, affordable and actionable. Our mission is simple - we want to make sure that everyone, from Fortune 1 to SMB's can protect themselves against Cyber threats. With Nucleaus™, there are no barriers to entry, skills, cost or technology need to scan your code. Nucleaus™ continues to drive major innovations around securing code, artificial intelligence and machine learning to stay ahead in the field of Cyber Security. 

Nucleaus is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law. 

Nucleaus™ Benefits Include:

Upper Tier Medical, Dental & Vision

  Rest & Relaxation

Generous vacation days


Competitive pay and benefits

Submit application

Contact Information
How did you hear about this job?