Senior Compliance Advisor

Drata
$97,200 - $150,200
Remote

About The Position

As a Senior Compliance Advisor at Drata, you are a customer-facing information security and compliance expert for the world’s most advanced security and compliance automation platform. Senior Compliance Advisors execute within the Professional Services function of the Customer Success organization at Drata and work closely with all teams to drive fast and smooth audit readiness programs, create and deliver best practices in meeting requirements for control and privacy frameworks, and advocate on behalf of customers’ needs for a rapidly growing platform. You’ll build trust and empathy with Drata’s customers as you advise them toward a continuous and self-sufficient security, risk and compliance posture.

Requirements

  • Must have 4 - 6 years of experience in performing audits and assessments for compliance programs based on SOC 2 and ISO 27001/27002
  • The ideal candidate will have exposure and experience in additional frameworks such as HIPAA, PCI, GDPR, CMMC, FedRAMP, CCPA, or other major compliance and controls regulations and frameworks
  • Strong background and understanding of GRC (Governance, Risk, and Compliance) programs, processes, functions, and operational teams, and helping organizations design, build, and operate their risk, security, and compliance programs
  • Familiarity with GRC tools and/or cybersecurity technologies; hands-on experience with a GRC automation platform is a plus.
  • Proven self-starter able to identify priorities, take ownership of work, and learn and advise on new compliance frameworks quickly.
  • An ability to develop and cultivate positive relationships with customers - make their day by providing the best possible guidance and customer experience
  • Desire to work at a rapidly growing startup with a team-player mindset, building and creating something from the ground up.
  • A proactive approach to managing your workload and day and ability to prioritize many different tasks and levels of responsibility
  • Constant ability to iterate and improve upon existing processes - challenge the status quo and improve upon the current state
  • A strong ability to work within a high-speed and high-volume environment

Nice To Haves

  • While not required, previous experience at consulting, audit, and advisory firms or at GRC/cybersecurity technology companies, is highly preferred.
  • Light technical fluency to accelerate evidence automation and customer enablement — comfort reading and interpreting API responses, working familiarity with at least one major cloud provider (AWS, GCP, or Azure) and its core security/IAM services, and/or basic scripting (Python, PowerShell, or SQL) to streamline repetitive evidence-collection tasks.
  • One or more industry certifications such as CISA, CISSP, CIPP/E or CIPP/US, CRISC, or ISO 27001 Lead Auditor / Lead Implementer.

Responsibilities

  • Advise customers on information security policies, control evidence, and overall audit readiness as they prepare for audits and assessments against SOC 2, ISO 27001/27002, HIPAA, PCI, NIST 800-171, CMMC, FedRAMP, GDPR, CCPA, and related frameworks.
  • Lead end-to-end control mapping and cross-framework crosswalk analysis, aligning customer custom controls and audit evidence request lists (IRLs) to the Drata Control Framework (DCF).
  • Serve as the primary compliance expert in customer-facing meetings, via email and executable work for customers, and to members of our Customer Success teams.
  • Lead the development of, and present on, GRC industry best practices and common compliance questions received from customers for both external and internal audiences.
  • Lead ongoing internal learning and success of our team by sharing knowledge through mentorship, research, and internal presentations.
  • Partner with Customer Success and Account Managers in providing current customers with additional compliance advisory services as needed.
  • Engage with the Sales team, as needed, in responding to prospective customer questions.
  • Host customer-facing webinars to answer questions on audit and GRC best practices
  • Review marketing articles and blog posts for accuracy as needed.

Benefits

  • Stock equity
  • Up to 100% employer-paid premiums for medical, dental, and vision coverage for employees and their dependents
  • Comprehensive wellness benefits and healthcare concierge services
  • 401(k) plan
  • Company-paid life and disability insurance
  • Tax-advantaged spending accounts
  • Range of discounted voluntary offerings
  • Paid Parental Leave policy, after six months of employment
  • Kindbody fertility and family-building benefits
  • Dedicated leave specialists
  • Generous annual stipends for both professional and personal development
  • Access to a wide range of internal learning opportunities
  • Flexible vacation policy
  • Paid holidays
  • Competitive base salary
  • Variable compensation