Senior Staff Security Governance & Compliance Analyst

If you're a compliance professional who believes that the best controls are the ones that run themselves — this one's for you.

As a Compliance Engineer on our Continuous Controls Assurance team, you'll sit at the intersection of compliance, engineering, and business process — your mission being to make compliance a living, automated reality rather than a periodic exercise. You'll inject compliance directly into how the business operates, building the evidence, signals, and automation that lets us prove we do what we say we do.

This role is particularly suited to candidates who have worked across compliance frameworks and technical environments — whether in SaaS companies, cloud-native organisations, or forward-thinking internal audit and GRC functions — and who are comfortable translating control requirements into code, pipelines, and data.

You'll play a central role in maturing our controls assurance program, moving us from point-in-time testing toward continuous, automated monitoring that scales with the business.

• →Design and build automated controls — translate control objectives across frameworks such as SOC 2, ISO 27001, and PCI DSS into automated tests, scripts, and monitoring logic embedded in business and technical processes
• →Own continuous controls monitoring — develop and maintain pipelines that continuously collect, evaluate, and surface control evidence, flagging exceptions and deviations in near real-time
• →Embed compliance into the SDLC and business operations — partner with Engineering, DevOps, and business teams to integrate compliance checkpoints, policy-as-code, and configuration validation into CI/CD pipelines and operational workflows
• →Bridge GRC and Engineering — translate compliance requirements into technical specifications, and translate system behaviour back into auditable evidence — acting as the connective tissue between the two disciplines
• →Maintain the controls evidence repository — ensure control evidence is automatically captured, timestamped, and stored in a format that supports internal review and external audit
• →Support audit and assurance activities — provide automated evidence packages for external audits, reducing manual effort and improving audit quality and speed
• →Identify and close assurance gaps — conduct control gap assessments, recommend improvements, and own the remediation pipeline through to closure
• →Collaborate on policy and standard development — ensure that policies are written in a way that can be operationalised and tested, feeding back where policy language creates ambiguity in controls design

• Experience in a compliance, GRC, or information security role within a SaaS or cloud-native organisation
• Hands-on experience with one or more compliance frameworks — SOC 2, ISO 27001, PCI DSS, or similar
• Demonstrated ability to automate compliance processes — using scripting (Python, Bash, or similar), APIs, or tooling such as Drata, Vanta, Tugboat Logic, or equivalent
• Familiarity with cloud environments (AWS, GCP, or Azure) and the controls that govern them
• Strong analytical skills — able to decompose a control objective into testable, measurable components
• Excellent written communication — able to produce clear control narratives, test procedures, and evidence documentation

• Experience with policy-as-code tools (e.g. Open Policy Agent, Conftest, Checkov, or AWS Config Rules)
• Exposure to CI/CD platforms (e.g. GitHub Actions, GitLab CI, Jenkins) and how compliance gates can be embedded within them
• Familiarity with SIEM, log management, or observability tooling in a controls assurance context
• A background that spans both technical and compliance disciplines — e.g. a developer who moved into GRC, or a compliance analyst who learned to code
• Relevant certifications such as CISA, CISSP, CCSP, AWS Security Specialty, or equivalent

Diligent is the AI leader in governance, risk and compliance (GRC) SaaS solutions, helping more than 1 million users and 700,000 board members to clarify risk and elevate governance. The Diligent One Platform gives practitioners, the C-Suite and the board a consolidated view of their entire GRC practice so they can more effectively manage risk, build greater resilience and make better decisions, faster. 

Learn more at diligent.com or follow us on LinkedIn and Facebook

• Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients
• We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting free days, generous time off policy and wellness programs to name a few
• We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney.
• Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.

Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place. 

Headquartered in New York, Diligent has offices in Washington D.C.,  London, Galway, Budapest, Vancouver, Bengaluru, Munich, Singapore and Sydney.   To foster strong collaboration and connection, this role will follow a hybrid work model. If you are within a commuting distance to one of our Diligent office locations, you will be expected to work onsite at least 50% of the time. We believe that in-person engagement helps drive innovation, teamwork, and a strong sense of community.

_{We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at recruitment@diligent.com.}

_{To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.}