Sr Security Analyst - Risk and Compliance

Quickbase
$89,000 - $140,000

About The Position

Reporting to the CISO, the Senior Security Analyst, Compliance & Risk serves as a key member of the Security team and acts as the primary liaison between Security and the broader Governance, Risk, and Compliance (GRC) organization. This role is responsible for ensuring Security-owned controls remain audit-ready, supporting enterprise compliance initiatives, managing security risk activities, conducting third-party security assessments, and helping drive a culture of continuous improvement across the security program. The ideal candidate combines strong compliance and risk expertise with operational excellence, business acumen, and the ability to influence stakeholders across Engineering, Product, IT, Legal, Privacy, and business teams.

Requirements

  • 5–9 years of experience in cybersecurity, security compliance, governance, risk management, audit, security assurance, or related security functions within SaaS, cloud-native, or technology organizations.
  • Hands-on experience supporting or leading SOC 2, SOC 1, ISO 27001, HIPAA, GDPR, NIST, or similar compliance and security frameworks.
  • Strong understanding of security controls, risk assessment methodologies, control testing, audit evidence management, and remediation tracking.
  • Experience partnering with internal and external auditors and managing audit readiness activities across multiple concurrent compliance programs.
  • Proven ability to drive security, compliance, and risk initiatives across cross-functional teams without direct authority.
  • Experience conducting security reviews of vendors, cloud services, AI solutions, and third-party providers.
  • Familiarity with GRC and compliance platforms such as Vanta, Drata, OneTrust, AuditBoard, or similar solutions.
  • Strong understanding of cloud security concepts and controls across AWS, Azure, and/or GCP environments.
  • Excellent analytical, organizational, written, and verbal communication skills, with the ability to communicate effectively with technical and non-technical stakeholders.

Nice To Haves

  • Experience supporting customer security assessments, security questionnaires, Trust Center activities, or enterprise sales security reviews is preferred.
  • Experience working in high-growth SaaS, private equity-backed, or regulated environments is highly desirable.
  • Professional certifications such as CISA, CISSP, CISM, CRISC, ISO 27001 Lead Implementer, or equivalent are preferred.
  • Experience leveraging automation, AI-enabled workflows, or continuous control monitoring solutions to improve compliance and operational efficiency is a plus.

Responsibilities

  • Serve as the Security team's primary point of contact for SOC 1, SOC 2, ISO 27001, HIPAA, and other compliance audits.
  • Partner with internal and external auditors to support evidence collection, walkthroughs, testing activities, and remediation efforts.
  • Ensure Security-owned controls are operating effectively and remain audit-ready throughout the year.
  • Coordinate remediation activities for audit findings, control deficiencies, and security gaps.
  • Maintain control documentation, evidence repositories, and audit artifacts.
  • Maintain and support the lifecycle of security policies, standards, procedures, and operational documentation.
  • Ensure security governance documentation remains aligned with business, regulatory, and compliance requirements.
  • Support policy reviews, approvals, and periodic updates.
  • Conduct security risk assessments for technologies, business initiatives, vendors, and emerging risks.
  • Maintain Security-owned risks within the enterprise risk management program.
  • Facilitate risk acceptance, exception management, and remediation tracking processes.
  • Develop security risk reporting and metrics for Security leadership.
  • Perform security reviews and risk assessments of vendors, SaaS providers, AI technologies, and strategic partners.
  • Partner with Procurement, Legal, Privacy, and business stakeholders during vendor onboarding and renewals.
  • Support M&A security due diligence and integration activities when required.
  • Support customer security assessments, due diligence requests, and security questionnaires.
  • Maintain customer-facing security documentation and trust artifacts.
  • Assist with Trust Center content and security assurance initiatives.
  • Partner with Sales and Customer Success teams to address customer security concerns.
  • Support security awareness initiatives, phishing simulations, and compliance training activities.
  • Measure program effectiveness and identify opportunities for improvement.
  • Promote a strong security culture across the organization.
  • Leverage GRC and security tooling to improve compliance visibility and operational efficiency.
  • Identify opportunities to automate evidence collection, control monitoring, reporting, and risk tracking.
  • Utilize AI-enabled capabilities to improve audit readiness, reporting quality, workflow efficiency, and continuous compliance activities.
  • Develop metrics and dashboards to support executive reporting and program maturity.

Benefits

  • bonus/commission eligibility
  • health insurance
  • 401k
  • paid time off