
Senior GRC Engineer
Ro
full-time
Location Type: Hybrid
Location: New York City • New York • United States
Salary
💰 $148,000 - $175,000 per year
About the role
- Serve as both a risk practitioner and automation engineer. Automate everything.
- Own and maintain the compliance platform (Vanta), including control mapping, evidence collection, continuous monitoring, and audit workflows
- Perform risk assessments, vendor security reviews, and control gap analyses, and track remediation through to completion
- Manage control documentation, policies, procedures, and supporting artifacts across multiple compliance frameworks
- Partner with Security, IT, Infrastructure, and Engineering teams to ensure technical and administrative controls align with documented policies and compliance requirements
- Support internal and external audits (SOC 2, HIPAA, HITRUST)
- Own and maintain the cyber risk register, collaborating with risk owners to quantify risks and develop remediation plans.
- Develop and maintain risk reporting, metrics, and executive summaries with BI tools (Looker, Hex, etc.)
Requirements
- 5+ years of combined experience across governance, risk, compliance, security engineering, or adjacent technical roles, including hands-on experience working with compliance frameworks such as SOC 2, HIPAA, HITRUST, NIST, and PCI in modern, technology-driven environments.
- 3+ years of experience with ongoing compliance operations, with demonstrated progression from manual evidence collection to automated, continuously monitored controls.
- 2+ years of hands-on experience implementing and administering continuous compliance and evidence automation platforms (e.g., Vanta, Drata, Secureframe), including configuring and creating custom integrations as well as optimizing automated evidence workflows.
- Working knowledge of cloud computing platforms (AWS, Azure, GCP) and how their native services and configurations support security and compliance requirements.
- Expertise in using Looker (or a similar BI tool such as Hex) to create dashboards, generate reports, and visualize GRC data for stakeholders, with a focus on simplifying complex data into actionable insights.
- Ability to automate data ingestion, transformation, and reporting using scripting or programmatic approaches (e.g., Python, JavaScript, APIs, Tines).
- Strong analytical and root cause analysis skills
- Kindness, and an ability to communicate to all levels of the organization
Benefits
- Full medical, dental, and vision insurance + OneMedical membership
- Healthcare and Dependent Care FSA
- 401(k) with company match
- Flexible PTO
- Wellbeing + Learning & Growth reimbursements
- Paid parental leave + Fertility benefits
- Pet insurance
- Student loan refinancing
- Virtual resources for mindfulness, counseling, and fitness
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
risk assessments, vendor security reviews, control gap analyses, continuous compliance, evidence automation, data ingestion, data transformation, reporting, scripting, programmatic approaches
Soft Skills
analytical skills, root cause analysis, communication, collaboration, kindness
Certifications
SOC 2, HIPAA, HITRUST, NIST, PCI