
US

  • Lead end-to-end third-party audits, evidence collection, and compliance onboarding for new products and features.
  • Partner with cross-functional teams to design and validate internal controls across SOX, SOC, HIPAA, and PCI frameworks.
  • Drive continuous improvement by standardizing processes, reducing manual effort, and collaborating on automated compliance monitoring.

GRC, SOC 2, ISO 27001

14 jobs similar to Lead Compliance Analyst

Jobs ranked by similarity.

US, Unlimited PTO

  • Manage and support compliance certifications including SOC 2, HITRUST, and ISO 27001 audits across the audit lifecycle.
  • Serve as the subject matter expert across the company on compliance frameworks and primary point of contact for external auditors.
  • Maintain the risk register, drive risk identification and reporting, and scale GRC function with AI and automation.

Garner transforms the healthcare economy by partnering with employers to redesign healthcare benefits using data-driven insights. It is a fast-growing healthcare technology company with a mission-driven team focused on making healthcare more affordable and high-quality.

US

  • Own and manage the compliance program including SOC 2 and ISO 27001 readiness and audits.
  • Lead risk assessments, control testing, and enterprise risk management processes.
  • Partner with Engineering, Security, Product, Legal, HR, and Operations to embed compliance into business processes.

Calendly is a scheduling platform used by millions to automate meetings and streamline time management. They are a rapidly growing SaaS company fostering a culture of learning and high performance.

US

  • Develop and maintain the enterprise IT GRC strategy, framework, and roadmap, presenting updates to executive leadership.
  • Lead enterprise IT risk assessments, maintain risk registers, and oversee remediation efforts.
  • Ensure compliance with regulations like NIST, ISO 27001, SOC, PCI-DSS, HIPAA, GDPR, and SOX.

Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, the company supports data centers, healthcare, and industrial facilities where uptime is non-negotiable.

US

  • Manage security compliance programs against frameworks like PCI-DSS, NIST, and SOC 1/2, leveraging automation tools for continuous assessment.
  • Oversee identity and access management, including automated provisioning audits and anomaly detection.
  • Collaborate with engineering, DevOps, and product teams to integrate compliance into CI/CD and cloud infrastructure.

Prosper is a FinTech company focused on improving financial well-being. It is a growing company with a collaborative culture and offers resources for professional growth and holistic well-being.

Global, 18w maternity, 16w paternity

  • Serve as a primary compliance resource embedded in the Alma-to-Spring Health integration, mapping control environments and building a unified compliance organization.
  • Own and lead enterprise-level compliance programs including SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX.
  • Develop and operationalize Spring Health's AI governance program, including policies, risk frameworks, and AI-specific compliance documentation.

Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. With outcomes independently validated by JAMA Network Open, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners.

Canada, Europe, Unlimited PTO

  • Support active and upcoming audits including ISO 27001, SOC 2, PCI DSS, and HIPAA by coordinating evidence and working with control owners.
  • Conduct risk assessments, update risk registers, track remediation, and perform third-party risk management reviews.
  • Respond to customer and prospect security/compliance questions and improve repeatable processes and evidence quality.

Upsun is the cloud application platform for hybrid teams, enabling developers to build, ship, and scale confidently without managing backend infrastructure. The company has a remote, global workforce and fosters a multicultural, open, and inclusive culture with a focus on open source and innovation.

GRC Manager

Runway
US

  • Design and implement a comprehensive GRC framework addressing both traditional security controls and novel AI safety considerations.
  • Lead engagements with external auditors to obtain critical security certifications like SOC 2, ISO 27001/27701/42001, and FedRAMP.
  • Partner with AI research teams to develop and implement appropriate safeguards and controls for machine learning systems.

Runway builds AI to simulate the world through merging art and science, focusing on world models for progress in artificial intelligence. Our team consists of creative, open-minded, caring, and ambitious people determined to change the world, striving to continuously build impossible things.

United States, Unlimited PTO

  • Partner with the CISO to drive security strategy, roadmap, and execution across application security, GRC, and operations.
  • Support compliance initiatives including PCI, SOC 2, ISO 27001, DORA, and FedRAMP readiness.
  • Serve as a trusted security leader in customer-facing settings, translating technical risks into business language.

Sardine is the leading agentic risk platform for fighting financial crime, integrating data across risk teams to stop fraud and automate AML operations. With over 6 billion profiled devices and 800 million consumers, we maintain a remote-first culture that values performance over hours worked.

LATAM, Unlimited PTO

  • Execute SOC 1, SOC 2, SOC 3 examinations and other security audits.
  • Evaluate the design and effectiveness of technology controls and identify findings.
  • Supervise and provide performance management for IT audit staff.

Insight Assurance is a global audit firm on a mission to transform how organizations achieve cybersecurity and compliance. Founded by former Big 4 professionals, the firm is one of the fastest-growing global audit firms with 170+ professionals supporting nearly 2,000 clients.

Global

  • Support the development, implementation, and improvement of our IT compliance framework.
  • Perform ITGC and application controls testing to ensure SOX and regulatory adherence.
  • Facilitate user access reviews, log reviews, and vendor risk management activities.

e.l.f. Beauty, Inc. stands for cruelty-free beauty at an incredible value, with a multi-brand portfolio including e.l.f. Cosmetics, e.l.f. SKIN, Well People, Naturium, and rhode. With over 29 consecutive quarters of net sales growth and $1 billion in net sales in FY25, they are a fast-growing, culturally driven company.

US, Unlimited PTO

  • Lead control program maturity by designing an auditable framework fitting ezCater's SaaS, cloud, data, and engineering environment.
  • Build continuous control monitoring and automation by partnering with engineering teams to implement automated testing and evidence collection.
  • Expand data security policy and program quality by defining clear, enforceable policies tied to technical practices and operating cadences.

ezCater is the #1 food tech platform for workplaces in the US, making it easy for organizations to manage food needs and order from over 125,000 restaurants nationwide. The company values work/life harmony and offers a collaborative, innovative environment with passionate colleagues.

Europe, 5w PTO

  • Own and drive the compliance roadmap across multiple frameworks like ISO 27001, TISAX, SOC 2, and GDPR.
  • Implement ISO 27001 and adjacent frameworks end-to-end for customers, ensuring successful audits.
  • Mentor the compliance team, conduct internal audits, and act as the senior compliance voice for customers, auditors, and product.

Secfix automates security compliance for companies, helping them achieve ISO 27001, GDPR, TISAX, and SOC 2 quickly. They are a high-performing 100% remote team with hubs in Germany and the UK, backed by top VCs.

  • Focus on compliance matters related to in-house IT systems and processes, including creating and updating internal documents.
  • Generate IT documentation for internal and external audits, and participate in interviews during those audits.
  • Provide answers to IT questions from sponsors and during client and vendor agreement reviews, and follow up on audit findings.

PSI is a global company founded in 1995 that focuses on medical science, bringing new medicines to those in need. They bring together more than 3,000 driven, dedicated, and passionate individuals who work on the frontline of medical science.

US

  • Monitor security alerts, vulnerabilities, and incidents across enterprise systems and assist in incident response.
  • Maintain compliance with standards such as NIST CSF, ISO 27001, and SOC 2 through audits and policy development.
  • Conduct security risk assessments, evaluate controls, and track remediation plans.

Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, they support data centers, healthcare, and industrial facilities.