CivicPlus, LLC Careers

Description

Your Impact

The Information Security Compliance Analyst is responsible for maintaining the organization’s information security compliance posture by managing security documentation, supporting audits, and ensuring consistent implementation of security controls across production information systems. This role partners closely with technical and operational stakeholders to ensure security requirements are accurately documented, auditable, and aligned with regulatory and organizational expectations, while supporting risk management and continuous monitoring activities.

About CivicPlus

At CivicPlus, we strive to bring our company vision to life through innovation and collaboration. Supported by approachable leadership and transparent communication, we're empowered to make an impact on local government and the residents they serve. Grow your career alongside great people, where authenticity is welcome, successes are celebrated, and potential is nurtured.

What You’ll Do

As an Information Security Compliance Analyst, you will:

• Maintain and update information security policies, standards, and procedures in alignment with modern cybersecurity frameworks and regulatory requirements, including GovRAMP, FedRAMP, ISO 27001, PCI DSS, and SOC 2.
• Maintain System Security Plans (SSPs) to ensure system boundaries, control implementations, and control inheritance accurately reflect the current state of production systems.
• Coordinate and manage internal and external compliance assessment activities, including audit planning, audit fieldwork coordination, evidence collection and preservation, and support of audit responses.
• Manage continuous monitoring activities, including tracking, updating, and reporting Plan of Actions and Milestones (POA&Ms) to support risk remediation and security posture communication.
• Support risk assessments and control gap analyses by identifying security and compliance deficiencies and collaborating with stakeholders to define remediation approaches.
• Define, track, and report key compliance metrics to measure program effectiveness and communicate compliance posture to leadership and governance committees.
• Partner closely with engineering, operations, and production teams to ensure security requirements are documented, implemented consistently, and remain audit-ready across systems.
• Develop and maintain audit-ready evidence repositories to support repeatable, efficient compliance assessments and reduce audit cycle time.
• Provide guidance to system owners and control owners on compliance expectations, documentation standards, and control implementation requirements.
• Other duties as assigned by leadership.

What We’re Looking For

We know that excellent candidates come from diverse backgrounds. Even if you don’t meet 100% of the listed requirements, we encourage you to apply!

Preferred Qualifications: 

• Bachelor’s degree in Cybersecurity, Information Security, Information Systems, or a related field (preferred), or equivalent professional experience.
• 3–5 years of experience in information security compliance, cybersecurity assurance, GRC, or a related field.
• Demonstrated experience managing System Security Plans (SSPs) and supporting documentation for enterprise systems.
• Experience supporting compliance audits and certifications, including NIST 800-53 (FedRAMP/GovRAMP), ISO 27001, PCI DSS, and/or SOC 2.
• Strong understanding of modern information security compliance frameworks and control-based security programs (e.g., NIST 800-53, ISO 27001, SOC 2).
• Ability to interpret regulatory and compliance requirements and translate them into clear, actionable documentation.
• Strong analytical, writing, and organizational skills with exceptional attention to detail.
• Ability to manage multiple compliance activities concurrently while meeting deadlines and quality expectations.

Certifications

• Security+, GSEC, or equivalent certification preferred

Why CivicPlus?

This role offers:

• Strengthen security at scale. Help shape and maintain compliance across FedRAMP, GovRAMP, ISO, PCI, and SOC 2 for a trusted GovTech platform.
• Work across teams with real influence. Partner with engineering and operations to ensure controls are implemented consistently and audit-ready.
• Drive measurable impact. Own SSPs, audits, and continuous monitoring that directly improve our security posture.
• Grow in a mission-driven culture. Build deep expertise while supporting technology that serves local governments and communities.

Compensation and Benefits

• Estimated Salary Grade Range: $61,700 - $87,600
  • The actual salary offer will carefully consider a wide range of factors, including your skills, qualifications, experience and is based on a 40-hour work week.
• Benefits: Comprehensive health insurance, dental insurance, vision insurance, Flexible Time Off, 401(k) plan, and more.

Our Hiring Process

• Introductory call with Talent Acquisition
• Interview with the Hiring Manager
• Panel Interview with CivicPlus team members, including an interview project activity
• Offer

Note: The process may vary slightly depending on the role. 

Additional Information

•  CivicPlus is currently unable to provide visa sponsorship for this position now or in the future. Applicants must be authorized to work in the US. 
• This position will remain open until February 27, 2026. We encourage you to apply as soon as possible, as applications will be reviewed on a rolling basis, and the posting may close earlier at the discretion of the Talent Acquisition team

Equal Opportunity Commitment

CivicPlus is proud to be an Equal Employment Opportunity employer. We celebrate and support diversity for the benefit of our employees, products, clients, and communities. Reasonable accommodations are available during the interview process.