Job Title: Cybersecurity & Compliance Analyst (SOC 2 / GRC / Audit)
Role Overview:
The Cybersecurity & Compliance Analyst will lead and support efforts around SOC 2 compliance, governance risk and compliance (GRC) initiatives, and third-party audits. You will use tools such as Drata and Vanta to automate and manage compliance workflows, and work cross-functionally with stakeholders across engineering, product, legal, and leadership.
Key Responsibilities:
• Manage and maintain SOC 2 Type I and Type II readiness and ongoing compliance, including evidence collection and control testing
• Administer and optimize compliance automation platforms such as Drata and Vanta
• Support internal GRC functions including risk assessments, policy management, and control framework implementation (e.g., NIST, ISO 27001)
• Coordinate and support external audit processes; act as a key liaison with auditors
• Collaborate with engineering and IT to implement and enforce security controls
• Monitor compliance KPIs and prepare reporting for leadership and board-level audiences
• Stay informed about evolving regulatory requirements and security best practices
Qualifications:
• 3+ years of experience in cybersecurity, compliance, or GRC-related roles
• Hands-on experience with SOC 2 audits and continuous compliance workflows
• Familiarity with Drata, Vanta, or similar compliance automation tools
• Strong understanding of risk management frameworks and security controls
• Experience managing third-party audits and working with external auditors
• Excellent organizational, documentation, and communication skills
• Industry certifications such as CISA, CISSP, or CRISC are a plus
Bonus Points For:
• Experience working in cloud-native or SaaS environments
• Familiarity with ISO 27001, HIPAA, or GDPR compliance
• Previous experience in a startup or fast-growing tech company
Apply Now
Apply Now