Key skills
Cloud
About this role
Role Overview
- Own and maintain the compliance platform (Drata), including control mapping, evidence collection, continuous monitoring, and audit workflows
- Manage control documentation, policies, procedures, and supporting artifacts across multiple compliance frameworks
- Perform risk assessments, vendor security reviews, and control gap analyses, and track remediation through to completion
- Partner with Security, IT, and Engineering teams to ensure technical and administrative controls align with documented policies and compliance requirements
- Support internal and external audits, including SOC 2, PCI DSS, and customer security reviews
- Conduct periodic user access reviews and assist with access governance and RBAC validation
- Develop and maintain compliance reporting, metrics, and executive ready summaries
- Identify and implement automation opportunities to streamline evidence collection, access reviews, and policy lifecycle management
Requirements
- Hands on experience operating and maintaining a compliance platform such as Drata or similar
- Strong understanding of GRC fundamentals, including control design, evidence management, and audit readiness
- Experience performing user access reviews and supporting identity and access governance processes
- Working knowledge of security and compliance frameworks such as PCI DSS, SOC 2, ISO 27001 or ISO 42001, and NIST
- Experience collaborating with technical teams to validate cloud, application, and security controls
- Strong documentation skills with the ability to translate technical controls into clear compliance narratives
Tech Stack
- Cloud
Benefits
- Competitive base
- Equity package
- 100% remote (US-based)
- Medical, dental, and vision
- 401(k) program (eligible after 3 months)
- Unlimited PTO