Own and maintain the compliance platform (Drata), including control mapping, evidence collection, continuous monitoring, and audit workflows
Manage control documentation, policies, procedures, and supporting artifacts across multiple compliance frameworks
Perform risk assessments, vendor security reviews, and control gap analyses, and track remediation through to completion
Partner with Security, IT, and Engineering teams to ensure technical and administrative controls align with documented policies and compliance requirements
Support internal and external audits, including SOC 2, PCI DSS, and customer security reviews
Conduct periodic user access reviews and assist with access governance and RBAC validation
Develop and maintain compliance reporting, metrics, and executive-ready summaries
Identify and implement automation opportunities to streamline evidence collection, access reviews, and policy lifecycle management
Requirements
Hands-on experience operating and maintaining a compliance platform such as Drata or similar
Strong understanding of GRC fundamentals, including control design, evidence management, and audit readiness
Experience performing user access reviews and supporting identity and access governance processes
Working knowledge of security and compliance frameworks such as PCI DSS, SOC 2, ISO 27001 or ISO 42001, and NIST
Experience collaborating with technical teams to validate cloud, application, and security controls
Strong documentation skills with the ability to translate technical controls into clear compliance narratives