Security Risk & Compliance Analyst

Job Summary

customer-initiated vendor risk assessments

Key Responsibilities

• Customer Security Assessments

• Respond to incoming vendor security questionnaires, risk assessments, and due diligence requests from customers and prospects.
• Coordinate across internal teams (e.g., IT, DevOps, Product, Legal) to gather accurate information and documentation.
• Maintain and update standard response documentation such as SIG, CAIQ, VSA, and other common assessment formats.

• Security & Compliance Documentation Management

• Maintain a library of up-to-date compliance documents, certifications, and standard responses (e.g., SOC 2, ISO 27001, GDPR data maps).
• Assist with streamlining the response process by building knowledge bases and improving automation where possible.

• Cross-functional Collaboration

• Partner with Legal, Sales, Security, and Product to support customer RFPs and security discussions.
• Participate in security and compliance reviews during customer onboarding or procurement cycles.

• Policy and Process Development

• Contribute to the creation and revision of internal policies, procedures, and control narratives as needed to support security posture transparency.
• Identify opportunities for process improvement in the vendor response lifecycle.

Qualifications

Required:

• 3+ years of experience in compliance, customer assurance, GRC, or security operations.
• Direct experience responding to customer security questionnaires and vendor risk assessments.
• Solid knowledge of security and privacy frameworks such as SOC 2, ISO 27001, NIST CSF, GDPR, and/or HIPAA.
• Strong communication and technical writing skills with the ability to translate complex concepts for diverse audiences.
• Familiarity with tools like OneTrust, Whistic, SecurityScorecard, Drata, Vanta, or similar.

Preferred:

• Industry certifications such as CISA, CCSK, CIPM, or similar.
• Experience supporting enterprise customers and working closely with Sales or Customer Success teams.
• Background in SaaS, cloud-native environments, or cybersecurity.

Why Join Us?

• Make a direct impact on customer trust and enterprise security posture
• Collaborate in a supportive, high-performing team environment
• Enjoy competitive compensation, certification support, and growth opportunities

Show less