Security Compliance Analyst, Privacy

LangChain
New York, NY
$175,000 - $220,000
Onsite

About The Position

LangChain is seeking a Security Compliance Analyst, Privacy to play a central role in building and scaling the company's privacy compliance program. This role involves developing processes, technical controls, and automation to support commitments to customers, partners, and regulators. The analyst will maintain and grow SOC 2, ISO 27001, and privacy programs, with primary ownership of the privacy framework across multiple cloud environments, deployment models, and geographies. The position is available for in-person hiring in San Francisco or New York.

Requirements

  • 5+ years in privacy, GRC, or security compliance, ideally with time at a Big 4 or advisory firm, or in-house at a high-growth tech company.
  • Hands-on operational experience with privacy regulations and compliance frameworks (GDPR, HIPAA, CCPA, ISO 27001, ISO 27701, SOC 2), including controls mapping, audit support, and day-to-day program operations.
  • Experience with DPAs and BAAs: reviewing, negotiating, or operationalizing them in a commercial context.
  • Technical fluency: comfortable reading code, understanding data flows, validating that controls work as described, and collaborating directly with engineering teams.
  • Exceptional writer. You'll draft policies, respond to security questionnaires, and translate complex requirements into clear guidance for audiences ranging from engineers to executives.

Nice To Haves

  • Background in a regulated industry (healthcare, finance, government) or working directly with regulated-industry customers.
  • Experience working across multi-cloud deployment environments.
  • Ability to write scripts or code (Python is a strong plus) to automate compliance checks, privacy workflows, or build integrations between security and compliance tooling.
  • Relevant certifications such as CIPM, CIPP/E, CIPP/US, CISA, CISSP, ISO 27001 Lead Implementer, or ISO 27701 Lead Implementer.

Responsibilities

  • Build and automate the compliance operations layer, including evidence pipelines, control monitoring, and agentic systems for always-on visibility into the compliance posture.
  • Work directly with Engineering to embed security and privacy controls into products, including deletion pipelines, PII detection, access audit logging, and fine-grained data access controls.
  • Maintain and scale certification and audit programs across SOC 2, ISO 27001, ISO 27701, ISO 42001, HIPAA, GDPR, CCPA, EU-US Data Privacy Framework, and others. Drive audit readiness, identify overlapping requirements, and reuse evidence across frameworks.
  • Partner with Legal on security and privacy contract execution, covering DPAs, BAAs, security addenda, and vendor terms. Build templates, playbooks, and review processes.
  • Monitor adherence to security and privacy contractual obligations across all signed agreements, building operational workflows and tracking mechanisms.
  • Contribute to the customer trust program, including security questionnaire responses, due-diligence reviews, and trust documentation.
  • Support vendor privacy risk assessments during onboarding and renewals.

Benefits

  • medical, dental, and vision coverage
  • flexible vacation
  • a 401(k) plan
  • meals on in-office days in the US