Cybersecurity & Compliance Analyst
Job Title: Cybersecurity & Compliance Analyst (SOC 2 / GRC / Audit)
Role Overview:
The Cybersecurity & Compliance Analyst will lead and support efforts around SOC 2 compliance, governance, risk, and compliance (GRC) initiatives, and third-party audits. You will use tools such as Drata and Vanta to automate and manage compliance workflows, and work cross-functionally with stakeholders across engineering, product, legal, and leadership.
Key Responsibilities:
Manage and maintain SOC 2 Type I and Type II readiness and ongoing compliance, including evidence collection and control testing
Administer and optimize compliance automation platforms such as Drata and Vanta
Support internal GRC functions including risk assessments, policy management, and control framework implementation (e.g., NIST, ISO 27001)
Coordinate and support external audit processes; act as a key liaison with auditors
Collaborate with engineering and IT to implement and enforce security controls
Monitor compliance KPIs and prepare reporting for leadership and board-level audiences
Stay informed about evolving regulatory requirements and security best practices
Qualifications:
3+ years of experience in cybersecurity, compliance, or GRC-related roles
Hands-on experience with SOC 2 audits and continuous compliance workflows
Familiarity with Drata, Vanta, or similar compliance automation tools
Strong understanding of risk management frameworks and security controls
Experience managing third-party audits and working with external auditors
Excellent organizational, documentation, and communication skills
Industry certifications such as CISA, CISSP, or CRISC are a plus
Bonus Points For:
Experience working in cloud-native or SaaS environments
Familiarity with ISO 27001, HIPAA, or GDPR compliance
Previous experience in a startup or fast-growing tech company