Security & Compliance Analyst

CompanyCam
$110,000 - $125,000
Remote

About The Position

CompanyCam is seeking a Security & Compliance Analyst to join their team. This role is critical, sitting at the intersection of engineering, product, and leadership. The analyst will own the continuous compliance monitoring program, administer the Vanta Professional instance, drive alignment with NIST CSF 2.0 and SOC 2 Type II, and translate security data into actionable risk intelligence for leadership. The position requires keeping compliance moving forward without hindering progress, viewing compliance as an asset rather than an overhead.

Requirements

  • 3 to 5 years of experience in GRC, security compliance, or information security
  • Hands-on experience with Vanta (or a comparable platform like Drata or Tugboat Logic), including keeping automated evidence collection running and troubleshooting when things break
  • Direct experience with a SOC 2 Type II audit lifecycle, from readiness all the way through report issuance
  • Working knowledge of NIST CSF 2.0 and the ability to map controls across multiple frameworks
  • Enough cloud infrastructure knowledge to have a real conversation with an engineer about control implementation (you don't need to build it, just understand it)
  • Strong analytical skills, with the ability to take raw vulnerability data and turn it into something a non-technical leader can understand and act on
  • A growth mindset, with a focus on learning, embracing challenges, and continuously improving
  • A knack for creativity and innovation, bringing fresh ideas to the table and solving complex problems

Responsibilities

  • Administer CompanyCam's Vanta Professional instance, maintaining automated test coverage, resolving broken integrations, and keeping the compliance dashboard accurate and up to date
  • Own our NIST CSF 2.0 and SOC 2 Type II framework alignment, mapping controls efficiently across both frameworks and closing gaps as they surface
  • Identify and route compliance gaps, triaging remediation tasks to the right owners and tracking through to resolution
  • Maintain evidence libraries and audit trails required for SOC 2 Type II readiness and annual audits
  • Prepare risk reporting for the Enterprise Risk Committee, translating technical vulnerabilities and control gaps into clear, prioritized business risk language
  • Own the risk register, supporting risk scoring, trending, and remediation tracking alongside the Security & Compliance Lead
  • Conduct vendor security assessments and maintain the third-party risk inventory
  • Own the intake and response process for inbound security questionnaires from customers and partners
  • Act as the cross-functional liaison between Security & Compliance and engineering, IT, and business teams on compliance obligations and remediation timelines
  • Support security awareness initiatives, user access reviews, and ongoing compliance program activities

Benefits

  • Meaningful equity
  • Salaried position