Security Risk & Compliance Analyst

*Must be located in Ottawa, ON to collaborate in office 3 days/week. 

#CareersThatKickSaas! TrueContext is looking for a Security Risk & Compliance Analyst, an individual-contributor role who is responsible for owning customer security questionnaires, vendor security risk management, and SOC 2–aligned security and compliance activities for TrueContext. The role acts as the central point of contact for security and compliance questions from customers, vendors, and internal stakeholders. 

Key Responsibilities 

Lead end-to-end completion of customer security questionnaires, RFIs, and due diligence requests, coordinating inputs from engineering, security, and leadership to ensure accurate and consistent responses.   

Maintain and continuously improve a reusable library of standard security answers, architecture descriptions, and supporting evidence mapped to SOC 2 and related frameworks.   

Own the third-party/vendor security lifecycle: intake, risk triage, detailed security assessments for higher-risk vendors, ongoing monitoring, and periodic reassessment.   

Review vendor SOC 2 reports and other attestations, identify issues or exceptions, document risk, and drive agreed mitigation actions with internal owners.   

Coordinate the company’s SOC 2 program activities, including control mapping, evidence collection, tracking remediation items, and preparing for audits.   

Partner with engineering teams to understand system design, data flows, and operational practices, translating technical details into clear security and compliance narratives.   

Provide security and compliance input on contracts and DPAs, working with Legal and Procurement on security clauses, data protection requirements, and vendor obligations.   

Define and track practical metrics (e.g., questionnaire volume/SLAs, vendor risk tiers, open remediation items) and report status and risks. 

Educate Sales, Customer Success, and other go-to-market teams on security positioning, SOC 2 scope, and standard responses so they can set expectations with customers.    

Skills and Qualifications 

2–5 years of experience in information security, risk management, compliance, or related roles, ideally in a SaaS or cloud-native environment.   

Direct experience with customer security questionnaires and vendor risk assessments, including reading SOC 2 reports and other security attestations.   

Solid understanding of SOC 2 principles and common security controls (access management, encryption, logging/monitoring, SDLC, incident response, business continuity).   

Ability to interact confidently with senior engineers, translate between technical and non-technical audiences, and influence without direct authority.   

Strong written and verbal communication skills with an emphasis on clarity, consistency, and reusability of security and compliance messaging.   

Experience with GRC, vendor risk, or compliance platforms (e.g., SOC 2 automation tools, vendor risk management tools) is an asset.   

Some Extra Benefits: 

Company-wide & team social events 

Wellness yearly allowance 

Annual learning allowance 

Great time off benefits (4 weeks of vacation + 2 True2ME days + 1 TrueCrewCares day) 

Summer FriYAYs (every other Friday off from Victoria Day until Labour Day) 

Catered lunches 2x per week 

An amazing office space with plenty of snacks, drinks, and space to collaborate 

Hybrid work environment (3 days a week in the office) 

Salary Range:

$80,000 - $120,000

If you are looking for the opportunity to embrace and be part of a truly unique company culture, this KickSaaS opportunity might just be for you!