Information Security Analyst

Who We Are

Finance leaders choose Billtrust to get paid faster, control costs, and maximize customer satisfaction. As the leader in B2B accounts receivable workflow and payment software, we provide the world’s leading brands with AI-powered solutions across the full AR lifecycle—from invoice presentment and payment processing to cash application and collections. With over 2,600 global customers, more than $1 trillion in invoice dollars processed, and a proprietary network of 13 million buyers, Billtrust delivers business value through deep industry expertise and a culture relentlessly focused on meaningful customer outcomes.

We’re an AI-first company, not just in what we build for our customers, but in how we work. Across every function, our teams use AI tools daily to work faster, make better decisions, and deliver higher-quality outcomes. We hire exceptional people, give them cutting-edge AI capabilities, and measure success by the impact they create. If you want to do the best work of your career at the frontier of AI and fintech, Billtrust is the place to do it.

Our Values

Customers

We relentlessly increase value for customer and do the right thing for them.

Action

We make ‘thoughtfully fast’ decisions, act quickly, cut through red tape, deliver progress not perfection, take ownership and accountability.

Team Spirit

We put the team ahead of ourselves, foster trust and respect, collaborate with passion, despise toxic politics, value our differences, and celebrate together.

Innovation

We challenge the status quo, experiment thoughtfully, and are novel and brilliant in what we create.

Excellence

We love to win, but we hate losing even more. We aspire to be the best and take pride in our work. When we fall short, we own it and come back stronger.

Information Security Analyst 

Information Security Analyst will support Billtrust's compliance and assurance programs across our key security frameworks, contribute to risk assessment activities, and help protect the systems that power our business payments platform. You'll work closely with cross-functional teams and report to the Information Security Manager. 
 
Assurance Frameworks 

This role directly supports Billtrust's compliance posture across the following frameworks: 

Framework 

Scope 

SOC 1 / ISAE 3402 

Financial reporting controls & service organization attestation 

SOC 2 Type 2 

Security, Availability, Confidentiality trust service criteria 

ISO 27001 

Information security management system (ISMS) 

PCI DSS 

Payment card industry data security standards 

HIPAA BAA 

Health information privacy and security requirements 

Key Responsibilities 
 
Compliance & Audit Support 

• Assist in the preparation and execution of SOC 1/ISAE 3402 and SOC 2 Type 2 audits, including evidence collection, control walkthroughs, and liaising with external auditors 
• Support ISO 27001 surveillance and certification audits; maintain ISMS documentation and control evidence 
• Assist with PCI DSS assessments, including scope validation, control testing, and QSA coordination 
• Support HIPAA BAA obligations, including risk analysis activities and documentation of safeguards  

Risk & Controls 

• Participate in information security risk assessments and help maintain the risk register 
• Evaluate and test internal controls over Billtrust information systems 
• Review and provide input on policies, procedures, and standards to ensure alignment with applicable frameworks 
• Assist in vendor security reviews and third-party risk assessments 

Security Operations & Advisory 

• Support vulnerability assessment activities and help track remediation progress 

• Assist with the review and maintenance of incident response and business continuity documentation 

• Monitor the security and compliance landscape for emerging risks relevant to Billtrust's frameworks 

• Contribute to internal awareness and training initiatives 

Reporting & Documentation 

• Prepare accurate and thorough work papers documenting scope, procedures, and results 

• Assist in drafting findings summaries and remediation recommendations for internal stakeholders 

• Maintain compliance evidence repositories and audit-ready documentation 

Qualifications 
 
Required: 

1. 1–3 years of experience in information security, GRC, compliance, or a closely related role 
2. Working knowledge of at least two of Billtrust's assurance frameworks: SOC 1/2, ISO 27001, PCI DSS, or HIPAA 
3. Familiarity with common security frameworks and standards (e.g., NIST CSF, CIS Controls, ISO 27001) 
4. Strong written and verbal communication skills; ability to document findings clearly and concisely 
5. Bachelor's degree in Information Systems, Computer Science, Business, or a related field — or equivalent experience 

Preferred: 

• Exposure to GRC tools or audit management platforms 

• Experience supporting external audit engagements (SOC, PCI QSA, ISO certification body) 

• Relevant certification in progress or obtained (e.g., CompTIA Security+, CISA, CISSP, ISO 27001 Lead Implementer) 

• Basic familiarity with vulnerability assessment tools or security monitoring platforms