Cybersecurity Compliance Analyst

Job Description: • Serve as the owner of the Vanta platform. Configure integrations, monitor failing tests, and ensure the platform reflects the organization's real-time security posture. • Gather, organize, and review audit evidence for SOC 2 controls. Ensure all evidence is current, accurate, and correctly mapped to the Trust Services Criteria. • Perform daily/weekly reviews of automated compliance monitors in Vanta. Proactively reach out to control owners (e.g., developers, HR) to fix failing controls (e.g., ensuring background checks are completed, laptops are encrypted, or PRs are approved). • Act as liaison with external auditors. Manage evidence requests. • Oversee the vendor onboarding process, ensuring third-party security reviews are documented and linked within Vanta. • Maintain and update internal security policies and procedures to ensure they align with current business operations and SOC 2 requirements. • Facilitate quarterly user access reviews for critical systems (AWS, GitHub, IDP) to ensure least-privilege access. Requirements: • 2–4 years of experience in IT compliance, internal audit, or risk management. • Strong working knowledge of SOC 2 Trust Services Criteria (Security, Availability, Confidentiality). • Hands-on experience using Vanta (or similar tools like Drata/Secureframe) to automate compliance. • Ability to understand technical evidence (e.g., cloud infrastructure settings, SDLC workflows, encryption standards) and communicate effectively with engineering teams. • Strong written and verbal communication skills; ability to chase down evidence from busy stakeholders. • Experience with ISO 27001, HITRUST, HIPAA, or GDPR. • Relevant certifications (CISA, CRISC, or CISSP). • Experience in a B2B SaaS environment. Benefits: Apply tot his job