*This is a fully remote position and is only available for people located in LATAM*

Insight Assurance is a global audit firm on a mission to transform how organizations achieve cybersecurity and compliance. Founded by former Big 4 (EY) professionals, we deliver next-generation audit services across SOC 2, ISO 27001, PCI DSS (QSA), HITRUST, CMMC (C3PAO), and FedRAMP (3PAO) frameworks. 
 
We’re not your traditional audit firm — we’re tech-enabled, leveraging compliance automation and advanced collaboration tools to make audits faster, smarter, and more impactful for our clients. 
 
Recognized on the Inc. 5000 and Fast 50 lists, Insight Assurance is one of the fastest-growing global audit firms, with 170+ professionals supporting nearly 2,000 clients across the Americas, EMEA, and APAC. 
 
If you’re a driven sales professional who thrives on building relationships, driving growth, and being part of a high-performance global team — this is your opportunity to sell trust, innovation, and impact with one of the most exciting firms in the audit industry.

JOB PURPOSE

The role of Staff or Experienced IT Auditor includes the execution of client engagements and internal activities related to SOC 1, SOC 2, and SOC 3 examinations, HIPAA assessments, and external audits of other security and privacy frameworks/standards.

DUTIES AND RESPONSIBILITIES

• Perform the day-to-day activities of IT audit engagements (SOC 1, SOC 2, HIPAA), and readiness assessments under the direction of a member of the management team.
• Evaluate the design and effectiveness of technology controls
• Identifies and communicates IT audit findings to management
• Help identify performance improvement opportunities for assigned clients
• Communicate effectively with the clients and team members
• Lead client meetings and foster client relationships through proactive communication
• Provide weekly status reports to management
• Proactively communicate to management regarding any potential issues

SKILLS

• Excellent oral and written communication skills in English.
• Ability to work individually as well as collaboratively.
• A high degree of motivation.
• Spanish is a plus.

EDUCATION

Bachelor’s degree in accounting, business, cybersecurity, or management information systems.

EXPERIENCE

• At least 1 year of experience performing IT audit engagements at a Big 4 or other audit/consulting firm.
• Experience using GRC and compliance automation tools (Vanta, Drata, Secureframe) is a plus.

TRAINING AND CERTIFICATIONS

Candidates with an active or working towards CISA, CPA, CISSP, ISO27001 Lead Auditor, or PCI QSA certification.

BENEFITS

• Flexible Paid Time Off and paid holidays
• Performance Bonuses
• 100% Remote

Privacy Notice CCPA: 

• Insight Assurance shares your personal data/information with Greenhouse recruiting because this is the tool we use for the recruitment process.
• Insight Assurance does not sell personal data/information under any circumstances.
• You may exercise your rights under personal data protection legislation by reaching out to us via: HR@insightassurance.com or submit a request via mail at 400 N Tampa St. 15th Floor Suite 122, Tampa, FL 33602

Privacy Notice GDPR:

This notice informs you about the categories of Personal Data/ Information and the Purpose and Scope of Processing Activities to be undertaken by Insight Assurance (we, us, our), under its job application and recruitment process.

We resort to Greenhouse.com as the platform that supports our recruitment process, and therefore your Personal Data/ Information will be Processed on this tool (hosted, shared with, cross-referenced, accessed by our team); we have in place contractual terms and the commitment of Greenhouse.com that ensures the Security and Confidentiality plus Purpose limitation with regards to the Processing of your Personal Data.

When you reply to one of your job postings, you voluntarily and freely submit your Personal Data to us; this, allied with the fact that the Processing by us (and over Greenhouse.com) of that Personal Data has the sole Purpose of validating your application and proceeding with the inherent scrutiny and decision, allows us to argue having Legitimate Interest as the applicable Legal Basis to undertake the Processing of your Personal Data under this scope.

We are a U.S. based company, hence some or all Personal Data pertaining to you will be hosted in the U.S.

The categories of Personal Data under Processing consist of:

• Identification
• Contact
• Education and Professional
• Interview performance
• Evaluation

You may exercise several Rights as determined under applicable Personal Data Protection legislation, in short:

• Right of Access – meaning getting information about the Personal Data under Processing by us, except for the information you already know;
• Right of Erasure – you may ask for us to erase all Personal Data pertaining to you under Processing; this may imply you being excluded from the recruitment process, for without information we cannot proceed with it;
• Right of Opposition or Restriction of Processing – you may ask us to stop some Processing or restrict the Processing of some Personal Data, this may imply you being excluded from the recruitment process, at our sole discretion also for without information we cannot proceed with it;
• Rectification – you can rectify your Personal Data at anytime 

About Zone & Co: 

Zone & Co is on a mission to empower finance professionals to drive strategic growth through seamless, intelligent operations. We build cloud-native software solutions on Oracle NetSuite, automating complex financial processes like billing, accounts payable, reporting, and reconciliation. Our vision is to unlock the full strategic potential of finance by infusing the ERP with the intelligence and automation needed for truly transformative operations. Join our rapidly growing team as we redefine financial efficiency for scaling businesses worldwide.

The Role: We are seeking a meticulous and proactive Security and Privacy Compliance Analyst to help safeguard our organization and our customers' data. Reporting directly to the Director of IT, Security and Compliance, you will play a critical role in maturing our governance, risk, and compliance (GRC) programs. In this position, you will bridge the gap between technical security controls and regulatory requirements, ensuring that Zone & Co's rapidly expanding suite of financial software maintains the highest standards of data protection and privacy.

This role requires a strong foundational knowledge of major security frameworks and privacy regulations, a keen eye for detail in auditing internal processes, and the ability to clearly communicate compliance postures to both internal engineering teams and enterprise customers.

Essential Job Functions:

• Compliance Framework Governance: Lead the management and continuous scaling of Zone & Co’s core security compliance frameworks, specifically SOC 2 Type II and ISO 27001.
• Privacy Operations Leadership: Govern global data privacy operations to ensure strict, ongoing alignment with GDPR, CCPA/CPRA, and other emerging data protection laws.
• Customer Trust & Revenue Enablement: Serve as the primary security liaison for enterprise customers, directly supporting the sales cycle by demonstrating and communicating a robust, mature security posture.
• Risk & Audit Management: Manage the organization's internal audit program and oversee the third-party vendor risk lifecycle to proactively identify and mitigate vulnerabilities.

Responsibilities, Duties, and Tasks:

• Audit Coordination: Coordinate evidence collection, manage project timelines, and partner directly with external auditors during annual compliance assessments.
• Privacy Assessments: Conduct Data Privacy Impact Assessments (DPIAs) for new products and process Data Subject Access Requests (DSARs) within mandated SLAs.
• Questionnaires & Trust Center: Accurately and efficiently complete incoming vendor security questionnaires from prospects and maintain up-to-date documentation in our customer-facing Trust Center.
• Internal Control Testing: Design and execute internal audits to test whether technical and administrative controls are operating effectively. Track control gaps and drive engineering/IT remediation efforts.
• Vendor Risk Reviews: Evaluate the security and privacy postures of prospective and existing third-party vendors and sub-processors through comprehensive risk assessments.
• Policy & Training Development: Draft, update, and publish internal security policies, standard operating procedures (SOPs), and incident response plans. Develop and administer engaging company-wide security and privacy awareness training.

What You'll Bring (Qualifications and Experience):

• Experience: 3+ years of direct experience in IT Audit, Information Security, Privacy Operations, or GRC (Governance, Risk, and Compliance), preferably within a B2B SaaS, FinTech, or cloud technology environment.
• Deep Domain Expertise: Hands-on experience working with established compliance frameworks (SOC 2, ISO 27001) and navigating global privacy legislation (GDPR, CCPA).
• SaaS/Cloud Acumen: A solid understanding of cloud computing architectures (AWS, Azure, GCP) and enterprise software environments. Familiarity with ERP systems (like NetSuite) is a strong plus.
• Analytical & Problem-Solving Skills: Proven ability to translate complex regulatory requirements into actionable, practical controls for IT and engineering teams without stifling innovation.
• Exceptional Communication: Outstanding written and verbal communication skills. You must be able to write clear policies, translate technical risks for business leaders, and confidently answer complex customer security questions.
• Education & Certifications: Bachelor’s degree in Information Systems, Cybersecurity, Business, or a related field. Relevant industry certifications such as CISA, CISM, CIPP/E, CIPP/US, or Security+ are highly preferred.