Security Compliance Analyst

What project we have for you:

Build and ship the best possible products accurately and on-time. Solve complex business problems and workflows with highly secure, scalable, and easy-to-use backend APIs and infrastructure. We run our services on Kubernetes using GCP (for now) and AWS (upcoming). We integrate with Stripe, Plaid, and others to make complicated financial transactions a breeze.

What you will do:

• Manage and respond to customer RFPs, security questionnaires, and due diligence requests.
• Support internal audits and risk assessments across the organization.
• Lead the end-to-end process for our upcoming SOC 2 Type II audit, including gap analysis, control implementation, evidence collection, and coordination with auditors.
• Drive company-wide readiness efforts for ISO/IEC 27001 certification, collaborating with stakeholders to build necessary policies, procedures, and controls.
• Work closely with Engineering, Legal, DevOps, and DPO teams to ensure security and compliance requirements are embedded into operations.

What you need for this

Required skills:

• 3–5+ years of experience in Information Security, Governance, Risk & Compliance (GRC), or a similar field.
• Hands-on experience with SOC 2 and/or ISO 27001 audits, including readiness, execution, and remediation.
• Solid understanding of information security controls, risk management principles, and audit processes.
• Familiarity with common standards and frameworks such as SOC 2, ISO 27001, NIST, CIS Controls, and GDPR.
• Experience working with customer security RFPs, questionnaires, and managing external communication around security posture.
• Excellent communication skills — fluent in English (both written and verbal).
• Strong organizational skills and the ability to manage multiple concurrent initiatives. independently.

Nice to Have:

• Security or compliance certifications such as CISA, CISM, ISO 27001 Lead Implementer/Auditor, or similar.
• Previous experience in SaaS or cloud-native environments.
• Familiarity with GRC platforms like Drata, Vanta, OneTrust, TrustArc, or Confluence-based frameworks.
• Understanding of cloud security (AWS/GCP/Azure), CI/CD pipelines, or DevSecOps practices.