Compliance Analyst, US Compliance Programs

About The Position

Requirements

• Experience in compliance, security assurance, GRC, audit, risk management, privacy, or a related function — ideally supporting a SaaS, cloud, AI, legaltech, fintech, healthtech, or public sector environment.
• Familiarity with security and compliance frameworks such as SOC 2, ISO 27001, NIST 800-53, NIST CSF, HIPAA, FedRAMP, TX-RAMP, or GovRAMP.
• Hands-on experience collecting audit evidence, maintaining control documentation, tracking remediation, and supporting internal or external assessments.
• Experience using compliance automation or GRC platforms such as Vanta, Linear, or similar tools.
• Strong ability to read framework requirements, customer obligations, and regulatory guidance and convert them into actionable project plans.
• Experience partnering with technical teams to understand systems, access controls, data flows, infrastructure, cloud environments, and security control implementation.
• Excellent written and verbal communication skills, with the ability to explain compliance requirements in plain English to technical, legal, business, and executive audiences.
• Highly organized and comfortable managing multiple compliance workstreams, deadlines, audits, and stakeholder dependencies at the same time.
• Pragmatic at distinguishing high-priority compliance risks from lower-impact administrative issues, and able to move with urgency in ambiguous environments.
• US Citizenship and a non-expired US Passport or state-issued REAL ID driver's license.

Nice To Haves

• Experience supporting or implementing TX-RAMP, GovRAMP, FedRAMP, or other public sector cloud compliance initiatives.
• Experience with HIPAA compliance, healthcare customer requirements, BAAs, ePHI safeguards, or healthcare security assessments.
• Direct experience working with 3PAOs, external auditors, government assessors, or public sector procurement teams.
• Experience with NIST 800-53 control mapping, SSPs, POA&Ms, continuous monitoring, authorization boundaries, customer responsibility matrices, or audit evidence packages.
• Certifications such as CISA, CRISC, CISM, CISSP, CCSK, ISO 27001 Lead Implementer/Auditor, CIPP/US, or similar.

Responsibilities

• Implement and maintain US compliance program initiatives across government, healthcare, financial services, and enterprise SaaS customer requirements.
• Drive readiness, implementation, and ongoing maintenance for frameworks such as TX-RAMP, GovRAMP, FedRAMP, HIPAA, SOC 2, and other security or privacy compliance obligations.
• Manage compliance operations in platforms like Vanta — evidence collection, control monitoring, policy tracking, vendor documentation, employee compliance tasks, and audit-readiness workflows.
• Coordinate with external auditors, assessors, consultants, legal advisors, and certification bodies through every phase of an engagement.
• Lead government compliance initiatives, including control mapping, gap assessments, documentation packages, system descriptions, policy updates, and customer-facing compliance responses.
• Maintain compliance artifacts including policies, procedures, risk registers, control narratives, system inventories, access reviews, training records, and audit evidence.
• Track regulatory, framework, and customer requirement changes and translate them into practical updates to internal controls and workflows.
• Partner with Sales and Customer Success on security questionnaires, public sector procurement requirements, and regulated customer due diligence.
• Define repeatable compliance workflows for intake, triage, ownership, escalation, documentation, reporting, and remediation.
• Use AI, automation, and compliance tooling to reduce manual work, improve evidence quality, and accelerate program execution.
• Support with other responsibilities and projects as required.

Benefits

• Company-paid group benefits for you and your family
• $1,000 towards mental health support
• Holiday closure
• Generous time off policies
• Monthly paid meals
• Annual wellness allowance
• Parental leave top-ups
• Competitive stock option grants