Cybersecurity Analyst

Posted 33 days ago
$80k–95k / year
Remote
Full-Time

Introduction

I'm Joe Hurshman, Manager, Security & IT at Teamworks. We're a SOC 2, ISO 27001, and PCI DSS shop, and keeping that compliance posture tight as we grow is something I take seriously. Right now I need someone who can own the day-to-day execution of our GRC program so we're always audit-ready, not scrambling when an assessment comes around.

The Role

  • Own end-to-end audit cycles across SOC 2, ISO 27001, and PCI DSS, including scoping, evidence collection, assessor coordination, and finding remediation
  • Lead gap analysis and keep audit-ready documentation and policies current in the trust center
  • Drive continuous monitoring obligations, including PCI DSS monthly reporting and SAQ completion
  • Partner with IT, Engineering, and Sales to implement security controls and turn around vendor security questionnaires
  • Maintain risk registers and incident playbooks as the business and threat landscape evolve

What I'm Looking For

What You Must Bring

  • 3+ years of hands-on GRC experience with proven end-to-end audit cycle management across SOC 2, ISO 27001, and/or PCI DSS — at least one of these should be something you've run start to finish on your own
  • Hands-on experience with a GRC automation platform (Drata, Vanta, Anecdotes, or equivalent)
  • Experience with trust portal and questionnaire management tooling (SafeBase, Responsive, or equivalent)
  • Strong written communication skills — the policies and documentation you produce need to hold up under auditor scrutiny
  • Proven ability to manage multiple compliance workstreams independently with minimal oversight
  • Ability to automate repetitive compliance processes

Even Better If

  • You have familiarity with NIST CMMC, FERPA, HIPAA, or TX-RAMP/GovRAMP
  • You've worked with vulnerability management platforms (Wiz, Tenable, Qualys, or equivalent)
  • You're comfortable using AI-assisted tools to accelerate documentation and GRC workflows

Why This Role

Teamworks serves professional, collegiate, Olympic, and military organizations, which means our compliance obligations are real and the stakes are high. The person in this role will have direct ownership of programs that matter to every customer conversation
