Compliance Analyst

We are seeking a proactive, detail-oriented Compliance Sr Analyst to join our global Governance, Risk & Compliance (GRC) team. You will take ownership of key elements of our Continuous Monitoring (ConMon) program, partner with technical teams to track risks and improve control effectiveness, and maintain the common control framework (CCF) that underpins our security, privacy, and compliance posture.

This role is designed for someone who enjoys getting into the details while also thinking strategically about how to optimize compliance processes, scale efficiently, and contribute to audit readiness and regulatory alignment.

• →Own and evolve the enterprise-wide Continuous Monitoring (ConMon) program, ensuring that vulnerabilities are identified, tracked, and remediated, with accurate reporting and documentation.
• →Conduct recurring control assessments to evaluate the effectiveness of technical, administrative, and operational safeguards, and use results to improve the CCF.
• →Develop and maintain the Common Control Framework (CCF), ensuring alignment across regulatory and certification requirements (e.g., SOC 2, ISO 27001, PCI-DSS, NIST 800-53, DORA, C5).
• →Manage the risk exception and deviation process, including intake, review, documentation, and tracking of compensating controls.
• →Facilitate compliance syncs with internal teams, including Security, Engineering, IT, Legal, and Privacy. Drive action item closure, escalate risks, and promote visibility.
• →Support audit and assessment readiness by aligning evidence to controls, updating documentation, and coordinating with process owners to demonstrate compliance posture.
• →Maintain core compliance documentation, including policies, SOPs, control narratives, risk registers, and corrective action plans.
• →Assist in incident response documentation, focusing on compliance impacts, reporting obligations, and post-incident reviews.
• →Collaborate with Security and Engineering to review vulnerability scans and threat intelligence, helping assess risk exposure and prioritize remediation.
• →Develop and manage compliance dashboards, metrics, and POA&M-style tracking to communicate program health and maturity.
• →Continuously improve compliance processes, identifying automation opportunities, reducing manual tasks, and evolving the CCF to keep pace with a changing risk landscape.

• 3+ years of experience in compliance, audit, security assurance, or a related field within a technology or SaaS environment.
• Knowledge of major regulatory and industry frameworks (e.g., NIST SP 800-53, SOC 2, ISO 27001, PCI-DSS).
• Experience with vulnerability management, risk assessments, and control testing.
• Strong communication and collaboration skills with the ability to work across business and technical teams.
• Proven ability to manage multiple priorities, with attention to detail and a structured, documentation-driven approach.
• Bachelor’s degree in a relevant field or equivalent professional experience.

• Familiarity with tools like Tenable, Wiz, or other vulnerability scanners.
• Experience with GRC platforms (e.g., OneTrust, Drata, ServiceNow).
• Certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor/Implementer.
• Knowledge of data protection regulations like GDPR, HIPAA, or DORA.