Senior IT Compliance Analyst

We are seeking a highly motivated, detail-oriented, and proactive Senior IT Compliance Analyst to support Yext’s security assurance activities with customers, vendors, and internal teams. This role is responsible for responding to product security-related questions, completing security assessments and audit inquiries, and reviewing security and contract language to ensure compliance with Yext’s standards.

The ideal candidate will collaborate closely with Legal, Sales, and Security teams to ensure accurate, timely, and customer-focused responses while maintaining a strong compliance posture. They will bring deep knowledge of security frameworks, exceptional communication skills, and the ability to partner across business and technical teams to strengthen the organization’s overall security posture.

• Contribute to the development and maintenance of IT & Security policies, standards, and controls.
• Support the annual control attestation process and provide the required evidence.
• Measure, track, and report on security metrics and key performance indicators (KPIs).
• Ensure ongoing alignment with regulatory and industry compliance requirements (e.g., SOC 2, HIPAA, GDPR, NIS2).
• Support responses to cyber insurance questionnaires by leveraging existing security controls, certifications, and policies.

• Conduct risk assessments across systems, applications, and vendors, documenting and tracking outcomes.
• Collaborate with IT, Legal, and Security teams to design and implement mitigation strategies.
• Maintain a centralized repository of standardized security questionnaire responses and keep them current with implemented controls.
• Manage responses to client questionnaires and third-party audit inquiries with accuracy and professionalism.
• Serve as a key point of contact for clients, auditors, and external stakeholders on security-related matters.
• Prepare and provide audit-ready evidence for internal and external audits (SOC 2, SOX, ISO 27001, etc.).
• Partner with control owners to create and track corrective action plans, ensuring timely remediation.
• Identify and implement process improvements to increase efficiency in audit preparation, risk assessments, and responses.
• Provide actionable recommendations to management on enhancing security and compliance practices.

• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Engineering, or related field; or equivalent experience.
• 5+ years of experience in information security, with a strong focus on audit and compliance management.
• Demonstrated experience conducting risk and compliance assessments.
• Proven success in managing client security questionnaires and third-party audits.
• Familiarity with industry and regulatory compliance frameworks (SOC 2, SOX, ISO 27001, NIST CSF, HIPAA, GDPR).
• Experience with GRC tools and technologies (e.g., OneTrust, SecurityScorecard, Bitsight, Archer, or similar).
• Advanced written and verbal communication skills, with the ability to engage confidently with executives, clients, and auditors.
• Professional certifications such as CISA, CRISC, CISM, CISSP, or CDPSE preferred.

• Governance & Compliance Expertise – Deep knowledge of regulatory and industry frameworks (SOC 2, SOX, ISO 27001, NIST CSF, HIPAA, GDPR, NIST AI RMF).
• Risk Management – Ability to evaluate risks and support effective remediation strategies.
• Audit & Assessment Skills – Skilled in managing and supporting audits, assessments, and assurance activities.
• Client & Stakeholder Engagement – Strong ability to build trust and deliver timely, accurate responses.
• Communication – Excellent written and verbal skills; able to present technical issues clearly to non-technical audiences and executives.
• Cross-Functional Collaboration – Works effectively across IT, Security, Legal, and business teams.
• Project & Time Management – Strong organizational skills with the ability to balance multiple priorities.
• Continuous Improvement – Identifies opportunities to streamline assurance and compliance processes.
• Technical Acumen – Familiarity with GRC platforms (e.g., OneTrust, SecurityScorecard, Bitsight, Archer) and security tooling.
• Leadership & Influence – Capable of guiding stakeholders and influencing decisions.

All legitimate Yext communications come from @yext.com email addresses. Messages from other domains (for example, @yext.team) are not authorized and are likely fraudulent. If you receive a message that seems suspicious, do not share personal information, click on links, or provide payment. Instead, please report the communication to security@yext.com.