Job Title: Cybersecurity & Compliance Analyst (SOC 2 / GRC / Audit)
Role Overview:
The Cybersecurity & Compliance Analyst will lead and support efforts around SOC 2 compliance, governance risk and compliance (GRC) initiatives, and third-party audits. You will use tools such as Drata and Vanta to automate and manage compliance workflows, and work cross-functionally with stakeholders across engineering, product, legal, and leadership.
Key Responsibilities:
Manage and maintain SOC 2 Type I and Type II readiness and ongoing compliance, including evidence collection and control testing
Administer and optimize compliance automation platforms such as Drata and Vanta
Support internal GRC functions including risk assessments, policy management, and control framework implementation (e.g., NIST, ISO 27001)
Coordinate and support external audit processes; act as a key liaison with auditors
Collaborate with engineering and IT to implement and enforce security controls
Monitor compliance KPIs and prepare reporting for leadership and board-level audiences
Stay informed about evolving regulatory requirements and security best practices
Qualifications:
3+ years of experience in cybersecurity, compliance, or GRC-related roles
Hands-on experience with SOC 2 audits and continuous compliance workflows
Familiarity with Drata, Vanta, or similar compliance automation tools
Strong understanding of risk management frameworks and security controls
Experience managing third-party audits and working with external auditors
Excellent organizational, documentation, and communication skills
Industry certifications such as CISA, CISSP, or CRISC are a plus
Bonus Points For:
Experience working in cloud-native or SaaS environments
Familiarity with ISO 27001, HIPAA, or GDPR compliance
Previous experience in a startup or fast-growing tech company