Principal Compliance Analyst

About The Position

Requirements

• 12–15+ years in compliance engineering, cloud governance, secure development, or risk architecture within a large-scale SaaS environment.
• Deep knowledge of compliance standards such as SOX, SOC1, SOC 2, ISO 27001/27701, NIST 800-53, PCI, GDPR, and emerging AI governance frameworks such as ISO 42001.
• Significant experience embedding compliance requirements into: SDLC processes, CI/CD pipelines, cloud-native architectures, developer experience tooling, microservice/service onboarding workflows
• Strong hands-on understanding of: continuous compliance monitoring, automated evidence collection and storage, policy-as-code frameworks, cloud configuration monitoring (e.g., IAM, logging, network boundaries), event-driven or API-driven control validation
• Proven success collaborating with Security or Compliance Automation teams to operationalize controls at scale.
• Ability to read, review, and critique architectural diagrams and service designs.
• Familiarity with AWS/GCP/Azure security models, identity governance, data flows, and distributed systems.
• Understanding of AI/ML governance and compliance needs (data lineage, model lifecycle controls, evaluation, provenance, auditability).
• Exceptional ability to explain compliance requirements to engineers and technical constraints to compliance teams.
• Proven ability to build cross-functional alignment and influence decision-making at senior levels.
• Experience mentoring engineers, compliance professionals, and product teams.

Nice To Haves

• CISA, CRISC, CISSP, CCSP, CIPT, ISO 27001 Lead Implementer/Auditor, or similar credentials.

Responsibilities

• Architect Compliance-by-Design & Secure-by-Design Frameworks
• Partner Closely With Compliance Automation & Monitoring Teams
• Compliance Onboarding & Developer Enablement
• Cross-Functional Leadership
• Drive Continuous Improvement in Compliance Maturity