Senior Compliance Analyst (Remote)

As a Senior Compliance Analyst on Drata’s team, you’ll be at the forefront of innovation—helping ensure Drata not only meets its security and compliance objectives, but also sets the industry standard for GRC and Trust Management. By spearheading creative solutions and embracing Automation–one of Drata’s core values–you’ll help shape the future of GRC and Trust Management programs, all while continually incorporating new ideas into the Drata platform to help our thousands of customers also using the platform. This is your chance to transform the industry from the front lines—all demonstrating how it’s done by being a critical part of Drata’s own internal GRC program.

What you'll do:

• Don’t just trust the process—improve it! You’ll focus on automating the compliance process and turning Drata into the unrivaled go-to product for security and compliance, giving detailed feedback to product teams based on your daily usage. You’ll devise innovative solutions for challenges like vendor management, onboarding/offboarding, facilitating smooth and seamless internal and external assessments, helping ensure both Drata and its customers stay ahead of the curve.
• Watch the watchers! Oversee our security and engineering teams to confirm they’re consistently meeting Drata’s security and compliance standards and control requirements. You’ll be the eyes that help maintain our rigorous standards—and the voice that pushes for continuous improvement.
• Build and Maintain the Trust of Customers. At times, our thousands of customers have questions. You’ll be helping them get answers to those questions either through our Trust Center or responding to questionnaires. Our external auditors are also part of this process. You’ll be working to get our external assessors the answers and artifacts they need to complete our external audits.
• Hack the planet! (Who doesn’t love Hackers?) You’ll partner with the security team on bug bounties, blue/red team engagements, penetration tests, and other exciting projects—because true compliance goes hand in hand with creative, proactive security.
• Code is for building solutions—not how you communicate. You’ll collaborate seamlessly with your peers and clearly articulate the “why” behind our controls, processes, and requirements – making sure everyone understands the bigger picture and moves forward together.
• Write the ancient artifacts of documentation. From environment configurations to policies and procedures, you’ll craft thorough documentation that actually makes sense to the business, our auditors, and our customers–ensuring all know exactly how things work.
• Stay curious. You enjoy exploring the latest tech trends, testing out new tools, and finding ways they can enhance our security and compliance strategies.

By weaving together automation, innovation, and clear communication, you’ll play a pivotal role in shaping Drata’s future and redefining what it means to be secure and compliant in a modern, fast-paced world. Let’s revolutionize the industry—together!

What you’ll you bring:

• You have 5-7 years of experience
• You have a passion for developing solutions at the intersection of Compliance, Privacy and Security
• You have a solid understanding of how things operate in a SaaS environment
• You have a solid understanding of Risk Management and Vendor Management to lead discussions and manage risks and vendors.
• You are knowledgeable in SOC 2 , ISO 27001, HIPAA, and an awareness of FedRAMP, NIST CSF, and others, and know how to audit internally, and facilitate external auditor assessments against these.
• You like taking the road less traveled when it makes sense, you analyze problems and find better ways to meet the business need.
• Black Hat, White Hat or Wizard Hat, we don’t care, we just want you to be passionate about security and helping our industry mature.
• We live in the cloud so we need you to have AWS, GCP or Azure experience.
• Watson is that you? We need you to be able to do in-depth troubleshooting to problem solve to help us continually improve all facets of the program.
• We are people who are curious and love to learn new things, we want you to have that desire as well.
• Be Awesome! You are going to need to work well with your peers because they are often coming to you with problems while frustrated, be kind and clearly communicate to them to make things all better.
• Certifications (CISA, CISM, CISSP, ISC, IAPP) or equivalent experience.

Benefits:

• Healthcare: 90-100% paid premiums for medical, dental, and vision plans for employee and dependents + on demand health care concierge
• HSA, FSA, & DCFSA: Pre-tax savings plans for healthcare and dependent care, with up to a $600 annual employer contribution to the HSA plan (if enrolled in HSA medical plan)
• 100% paid short and long term disability plus life + AD&D benefits
• Learning & Development: $500 annually towards professional development opportunities + $250 annually towards personal development opportunities
• Flexible Time Off: Flexible vacation policy for strong, fully charged batteries
• 16 Weeks Paid Parental Leave: An inclusive policy to ensure you have time with your newborn, newly adopted, or foster child
• Work Remotely: Flexible hours and work from home + $1,000 annually to cover necessary business related items for your home office
• 401K: Reach your financial goals while reducing your taxes

This role will receive a competitive base salary, benefits, and stock, typically in the form of Restricted Stock Units (RSUs). The applicable salary range for each US-based role is based on where the employee works and is aligned to one of 3 tiers based on the cost of labor for that geographic area. The expected salary ranges for this role are below, subject to change. 

Tier 1: $136,595 - $168,700

Tier 2: $122,900 - $151,800

Tier 3: $109,300 - $135,000

You can view which tier applies to where you plan to work here. A variety of factors are considered when determining someone’s leveling and compensation–including a candidate’s professional background and experience. These ranges may be modified in the future and final offer amounts may vary from the amounts listed above.