Senior Specialist, Compliance

The Senior Compliance / Information Security Analyst is a key individual contributor within InvestCloud’s Information Security & Compliance function. This role helps protect InvestCloud’s platforms, data, and clients by operating and improving compliance and security controls, maintaining secure configurations, and supporting adherence to internal policies, client obligations, and applicable standards and frameworks. 

This individual partners closely with the Information Security Manager, Compliance and Legal, Infrastructure/Operations, Engineering, and Client-facing teams to ensure that security and compliance requirements are clearly defined, practically implemented, and well evidenced for audits, certifications, and client / regulatory due diligence. 

What does a great Senior Compliance / Information Security Analyst do? 

A great Senior Compliance / Information Security Analyst turns regulatory, client, and policy requirements into clear, repeatable controls and processes. They: 

• Maintain hardened baselines and secure configurations across systems and environments, mapped to policy and control requirements. 
• Proactively monitor for issues, investigate anomalies, and help drive timely remediation, with strong documentation and traceability. 
• Produce high-quality control documentation and evidence that stand up to internal audit, external audit, and client scrutiny. 
• Collaborate effectively with technical and non-technical stakeholders to embed security and compliance expectations into day-to-day operations. 

They are detail-oriented, calm under pressure, and able to translate between security, compliance, and business perspectives. 

How you will provide meaningful contributions 

Compliance Risk & Control Management 

• Support execution of compliance and security risk assessments by gathering inputs from control owners, documenting risks, and tracking agreed actions. 
• Help design and execute control testing plans for key information security and compliance controls (e.g., access reviews, configuration baselines, logging and monitoring), documenting results and exceptions. 
• Maintain and refine control inventories, risk registers, and metrics/KRIs for information security and compliance, partnering with the Information Security Manager and Compliance to ensure data quality and timely updates. 
• Assist in evaluating the impact of new regulations, client obligations, and internal policies on existing controls, and help translate requirements into practical control changes. 

Audit, Certification & Client / Regulatory Due Diligence Support 

• Prepare and maintain control evidence (e.g., screenshots, configuration exports, reports, tickets) that demonstrate effective operation of information security and compliance controls for internal and external audits. 
• Partner with Compliance, Legal, and Information Security leadership to support SOC 2, ISO 27001, and related certification activities, including evidence collection, sample selection, and responses to auditor questions. 
• Coordinate and contribute to client security and compliance questionnaires, RFPs, and on-site/virtual reviews by providing accurate, timely information on controls, hardening standards, and governance processes. 
• Help organize and track findings and remediation actions arising from audits, certification reviews, and client / regulatory inquiries, ensuring owners, timelines, and status are clearly documented. 

Policy Governance & Process Alignment 

• Ensure that day-to-day security and compliance practices align with written policies (e.g., Information Security Manual, Patching and Hardening Policy, Code of Conduct) by reviewing procedures, identifying gaps, and proposing pragmatic updates. 
• Support the Information Security Manager and Compliance in reviewing, updating, and socializing policies, standards, and procedures, including mapping controls to specific requirements and frameworks. 
• Assist with access control and entitlement governance, including periodic user access reviews, privileged account checks, and validation of joiner/mover/leaver activities against policy and client expectations. 
• Help document and refine standard operating procedures (SOPs) for recurring controls (e.g., monitoring, evidence collection, configuration reviews, access reviews), ensuring they are clear, consistent, and audit-ready. 

Security Operations & Monitoring (with a compliance lens) 

• Operate day-to-day security monitoring processes, including review of alerts, logs, and dashboards for suspicious activity, misconfigurations, and policy exceptions, ensuring that events are handled in line with documented procedures. 
• Conduct initial triage and investigation of security and control-related events; document findings, classify impact and risk, and escalate to the Information Security Manager or other stakeholders as appropriate. 
• Support ongoing vulnerability, patching, and configuration management efforts by validating remediation status, tracking exceptions against policy and risk tolerance, and helping prioritize issues based on business and client impact. 

Cross-Functional Collaboration, Training & Continuous Improvement 

• Work closely with Information Security, Compliance, Legal, Infrastructure/Operations, Engineering, and Client-facing teams to clarify security and compliance requirements and ensure shared understanding of control expectations. 
• Participate in root-cause analysis and remediation planning for security findings, audit issues, client concerns, and control failures; help ensure corrective actions are risk-appropriate and sustainable. 
• Identify opportunities to streamline and automate compliance and security processes (e.g., evidence collection, reporting, configuration checks, access reviews) to improve consistency, coverage, and efficiency. 
• Contribute to training and awareness efforts by providing practical input on technical control topics (e.g., secure configuration, least privilege, patching expectations, documentation standards) for relevant audiences. 

Basic Qualifications for Consideration 

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Compliance/Risk, or a related field; or equivalent practical experience. 
• 4–7 years of progressive experience in information security, IT risk, or compliance (or a closely related technical risk role), preferably in B2B SaaS, FinTech, or financial services technology. 
• Hands-on experience with: 
• Security monitoring and incident/control event triage (e.g., SIEM, log analysis tools, ticketing systems). 
• System hardening and secure configuration for servers, applications, or network devices, aligned to documented standards. 
• Vulnerability and patch management processes, including coordination with infrastructure and application teams and tracking of exceptions. 
• Operating or testing governance, risk, and compliance (GRC) controls, such as access reviews, policy attestations, or control testing. 
• Familiarity with relevant security and compliance frameworks (e.g., SOC 2, ISO 27001) and basic understanding of data protection and client/vendor oversight expectations in a global context. 
• Strong analytical and documentation skills, with the ability to produce clear, audit-ready evidence, control narratives, and process documentation. 
• Demonstrated ability to work cross-functionally, manage multiple workstreams, and follow through on remediation actions to closure. 

Preferred Qualifications 

• Experience supporting external audits, client due diligence, or regulatory reviews in a security, risk, or compliance capacity. 
• Practical knowledge of cloud security and compliance practices (e.g., secure configuration of cloud services, identity and access management, logging and monitoring). 
• Relevant industry certifications (e.g., Security+, SSCP, CISA, CISM Associate, CISSP Associate, or similar) are a plus. 
• Experience in a high-growth or fast-paced technology environment with a strong emphasis on client trust, regulatory expectations, security, and compliance. 
• Should be skilled in the use of automation with SharePoint as the backend. 
• Should have an open mind and be able to follow through with full attention to detail.   

About InvestCloud

InvestCloud, a global leader in wealth technology, aspires to enable a smarter financial future. Driving the digital transformation of the wealth management industry, the company serves a broad array of clients globally, including Wealth and Asset Managers, Wirehouses, Banks, RIAs, and Insurers. In terms of scale, the company’s clients represent more than 40 percent of the $132 trillion of total assets globally.

As a leader in delivering personalization and scale across advisory programs, including unified managed accounts (UMA) and separately managed accounts (SMA), InvestCloud is committed to the success of its clients. By equipping and enabling advisors and their clients with connected technology, enhanced intelligence, and inspired experiences, InvestCloud delivers leading digital wealth management and financial planning solutions — complemented by a dynamic data warehouse that scales across the complete wealth continuum.

In 2024, InvestCloud was named CNBC World’s Top Fintech Company, a proof point of the company’s commitment to innovation and client success. Headquartered in the United States, InvestCloud serves clients around the world.
For more information, visit InvestCloud.com.

Our Values

• Client Connected
• Human Centered
• Technology Forward
• Respect + Integrity
• Excellence

The actual salary will vary based on applicant’s education, experience, skills, and abilities, as well as internal equity and alignment with market data. The salary may also be adjusted based on the applicant’s geographic location.

Salary Range: $90,000 – $110,000

Benefits include medical/Rx, dental, vision, disability, and life/AD&D insurance plans, Flexible Savings Account (FSA), Health Savings Account (HSA), Employee Assistance Plan (EAP), health advocacy, voluntary ancillary plans (accident, critical illness, hospital indemnity, legal, identity theft, auto/home, and pet insurance), 401(k) retirement savings plan with company match, and paid time off.

#LI-HJ1