The Security Analyst, Compliance at Everpure is responsible for independently managing security certification programs, supporting compliance efforts, and ensuring the security and audit readiness of the company's systems through assessments, documentation, and collaboration with cross-functional teams.
Key Responsibilities
Lead and manage security certification programs (e.g., SOC 2, ISO 27001, FedRAMP) end-to-end with minimal supervision.
Support and streamline other certification audit cycles across various programs.
Collaborate with cross-functional teams and external auditors to ensure smooth project execution.
Conduct independent assessments and audits to support internal compliance efforts.
Translate security and compliance controls into technical solutions and implementation strategies.
Develop, track, and report on compliance metrics and drive process improvements.
Create and maintain comprehensive compliance documentation, including control narratives and audit evidence.
Perform recurring compliance tasks such as access reviews and vulnerability scans across multiple business units.
Requirements
Five (5) years of experience in IT audit, risk management, or IT compliance roles, including demonstrated experience running compliance certification programs and prior audit experience.
In-depth understanding of security controls and key compliance frameworks such as NIST, SOC 2, ISO 27001, FedRAMP, FIPS, and Common Criteria, as well as cloud platforms including AWS, Azure, and GCP.
Proven experience in designing technical controls to satisfy compliance requirements.
Strong written and verbal communication skills, with the ability to engage effectively with both internal teams and external auditors.
Ability to identify and recommend tools, processes, and software to improve and automate compliance practices.
Ability to independently run compliance certification programs end-to-end, including managing certification verticals such as SOC 2, ISO 27001, FedRAMP, and Common Criteria, with minimal supervision.
Ability to support other certification program verticals to streamline audit certification cycles.
Experience collaborating and maintaining communication with cross-functional teams such as Engineering, Legal, and Product, as well as external auditors, to ensure smooth project execution and successful outcomes.
Experience assisting and supporting internal teams through independent assessments and audits.
Ability to translate complex security and compliance controls into actionable technical solutions and implementation strategies.
Experience developing, tracking, and reporting on key compliance metrics (KCMs), and continuously driving process improvements to align with evolving industry standards and best practices.
Experience authoring and maintaining comprehensive compliance documentation, including control narratives, audit evidence, and supporting materials, ensuring they are accurate, up-to-date, and audit-ready.
Ability to independently drive recurring tasks and events such as access reviews and vulnerability scanning across multiple business units with differing scopes.
Willingness to work primarily in an in-office environment at the Lehi, UT office in compliance with company policies, unless on PTO, work travel, or other approved leave.
Relevant certifications such as CISSP, CISA, CISM, or ISO/IEC 27001 Lead Implementer or Lead Auditor are preferred but not required.
Benefits & Perks
Annual base salary range of 110,000 - 165,000 USD
Potential eligibility for incentive pay and/or equity
Flexible time off
Wellness resources
Company-sponsored team events
Ready to Apply?
Join Pure Storage and make an impact in renewable energy