Cybersecurity & Compliance Analyst

About The Position

Requirements

• 3+ years of experience in cybersecurity, compliance, or GRC-related roles
• Hands-on experience with SOC 2 audits and continuous compliance workflows
• Familiarity with Drata, Vanta, or similar compliance automation tools
• Strong understanding of risk management frameworks and security controls
• Experience managing third-party audits and working with external auditors
• Excellent organizational, documentation, and communication skills
• Industry certifications such as CISA, CISSP, or CRISC are a plus

Nice To Haves

• Experience working in cloud-native or SaaS environments
• Familiarity with ISO 27001, HIPAA, or GDPR compliance
• Previous experience in a startup or fast-growing tech company

Responsibilities

• Manage and maintain SOC 2 Type I and Type II readiness and ongoing compliance, including evidence collection and control testing
• Administer and optimize compliance automation platforms such as Drata and Vanta
• Support internal GRC functions including risk assessments, policy management, and control framework implementation (e.g., NIST, ISO 27001)
• Coordinate and support external audit processes; act as a key liaison with auditors
• Collaborate with engineering and IT to implement and enforce security controls
• Monitor compliance KPIs and prepare reporting for leadership and board-level audiences
• Stay informed about evolving regulatory requirements and security best practices