Compliance Analyst, Cyber

Qohash is a cybersecurity provider, modernizing industry practices around the detection and protection of enterprise-sensitive information. Through our Qostodian platform, we introduce a groundbreaking approach to data security. As a leader in Data Security Posture Management (DSPM), we specialize in tracking specific data elements at scale. Our platform feeds real insights into our customers’ risk strategy, providing compliance, vulnerability reduction, and breach protection across some of the world’s largest and most sensitive enterprises.

Who you are

The Compliance Analyst is a highly organized and proactive individual who thrives on enabling others to succeed by maintaining operational excellence. You have strong project management and documentation skills and enjoy working cross-functionally to drive consistent and repeatable compliance outcomes. You value clear communication and can translate regulatory requirements into actionable processes across technical and non-technical teams. In a fast-paced startup, you’re comfortable balancing independence with collaboration and are eager to shape the way compliance functions evolve at Qohash.

What you will do

As a Compliance Analyst, your responsibilities will be as follows:

• Act as the primary point of contact for operational compliance matters, providing consistent coordination across teams.
• Ensure compliance with security frameworks (e.g., SOC 2, ISO 27001) using compliance tools.
• Track and remediate security control gaps.
• Prepare for audits by collecting evidence and managing documentation.
• Manage documentation for security policies, compliance procedures, and access control.
• Coordinate compliance activities (e.g., access reviews, vendor risk assessments).
• Liaise between teams to align on compliance requirements.
• Maintain vendor compliance records and support assessments.
• Create dashboards to track compliance activities.
• Contribute to security awareness and training.
• Assist with data protection and privacy compliance.
• Identify automation opportunities.
• Act as primary contact for operational compliance matters.

What your resume shows

Must Haves

• 2–4 years of experience in information security compliance
• Familiarity with a security compliance framework (SOC 2, ISO 27001, etc.)
• Strong coordination, documentation, and process management skills
• One of the following certifications: GSEC, CCSP (Associate), Security+, ITIL Foundation, COBIT 5 Foundation

Nice to Haves

• Experience with engineering or IT teams and understanding of cloud technologies, APIs, and software development
• Experience using compliance management tools (Drata, Vanta, SecureFrame)
• Startup experience and comfort in a fast-paced environment
• Preference for candidates based in Quebec
• Bilingual (English/French)

Company culture & core values

At Qohash Inc., we believe in fostering a culture of innovation, integrity, and customer-centricity. Candidates are encouraged to familiarize themselves with our core values.

What’s in it for you?

• Competitive salary range.
  
  
• Enjoy up to six weeks of paid time off annually. At Qohash, we recognize your dedication and believe in giving you ample time to rejuvenate.
  
  
• Comprehensive health benefits package, including life insurance, short- and long-term disability insurance, paramedical and telemedicine services, and a health spending account (HSA) and participation in our Employee Options plan.Competitive salary range.
• Up to six weeks of paid time off annually.
• Comprehensive health benefits package, including life insurance, short- and long-term disability insurance, paramedical and telemedicine services, and a health spending account (HSA).
• Participation in Employee Options plan.
  
  

Qohash is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by applicable law. Only those candidates selected for the interview will be contacted.