Risk & Compliance Analyst

About The Position

Requirements

• Three to five years of experience in GRC, security, or privacy, ideally within the SaaS or IoT industries.
• Experience creating and maturing IT control frameworks like SOC 2, NIST 800-53, or ISO 27001/2.
• Ability to communicate complex security/privacy concepts clearly to non-technical audiences.
• Strategic and proactive problem-solving skills with an ability to identify innovative approaches to compliance issues.
• Values-aligned: humble, curious, and ready to listen and understand.
• Experience with reporting and providing an analytical perspective.
• Process improvement mindset.
• Ability to translate requirements into repeatable operational practices.

Nice To Haves

• One or more GRC certifications from ISACA, IAPP, ISC2, or SANS.
• A degree in computer science, information systems, risk management, information security, or a related field (equivalent work experience considered).
• Experience working with GRC tools and a solid understanding of security/privacy engineering.
• Curiosity about how AI can improve GRC processes and a baseline understanding of AI/ML ethics and risks.
• Experience creating, owning, and maturing organizational control and security frameworks.
• Experience with SOC 2 and ISO 27001 implementation.
• Deep knowledge of regulatory and privacy landscapes.
• Comfort managing projects and navigating timelines and schedules.

Responsibilities

• Manage the Trust Operations program, supporting the Manager of Trust Operations in implementing risk management and compliance strategies to meet legal requirements like GDPR, FERPA, ISO 27001/2, and SOC 2.
• Collaborate across the business, partnering with Sales and Legal on security/privacy inquiries, working with various departments on security/privacy practices, and assisting teams in implementing security/privacy controls.
• Build resilience and awareness by creating and maintaining security/privacy awareness content.
• Drive vendor integrity by managing the vendor risk program, conducting risk reviews, and maintaining a register of risk profiles.
• Provide actionable insights by tracking and reporting key metrics to senior leadership to ensure proactive governance and risk reduction efforts.

Benefits

• Flexible vacation time
• Company-wide holidays
• Timeout (meeting-free) days
• Remote work options
• Open, honest culture with trust from day one
• Supportive team environment
• Agency to try new ideas
• Professional development resources and opportunities
• Invested office spaces
• Tech stack and hardware for best work
• Employee Assistance Program
• Employee resource groups
• Fitness partner Peerfit
• Medical insurance (multiple plans)
• Vision insurance
• Dental insurance
• Fertility healthcare
• Family forming benefits
• 401(K) with company match up to 4%