{"id":866,"date":"2025-12-18T10:17:24","date_gmt":"2025-12-18T10:17:24","guid":{"rendered":"https:\/\/skillbasedmatching.com\/jobs\/?post_type=jobpost&#038;p=866"},"modified":"2025-12-18T10:17:47","modified_gmt":"2025-12-18T10:17:47","slug":"cybersecurity-compliance-analyst-grc-audit-automation","status":"publish","type":"jobpost","link":"https:\/\/skillbasedmatching.com\/jobs\/current-jobs\/cybersecurity-compliance-analyst-grc-audit-automation\/","title":{"rendered":"Cybersecurity &#038; Compliance Analyst \u2013 GRC &#038; Audit Automation"},"content":{"rendered":"\n<p>This is a full-time, <strong>Experienced<\/strong> contract role based in the <strong>United States<\/strong>. The position is heavily focused on the modern &#8220;Compliance-as-Code&#8221; movement, specifically utilizing automation platforms to maintain high-trust standards like <strong>SOC 2<\/strong>. It is an ideal role for an analyst who understands the intersection of cloud-native engineering and rigorous regulatory auditing.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Location:<\/strong> Remote (United States).<\/li>\n\n\n\n<li><strong>Employment Type:<\/strong> Contract.<\/li>\n\n\n\n<li><strong>Core Focus:<\/strong> SOC 2 Type I\/II, GRC, and Third-Party Audits.<\/li>\n\n\n\n<li><strong>Primary Tooling:<\/strong> <strong>Drata<\/strong> and <strong>Vanta<\/strong> (Compliance automation).<\/li>\n\n\n\n<li><strong>Frameworks:<\/strong> SOC 2, NIST, ISO 27001.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Key Responsibilities: Automating Trust<\/h2>\n\n\n\n<p>The Analyst serves as the primary driver for organizational trust, ensuring that security controls are not just designed, but continuously verified through automation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">SOC 2 &amp; Audit Lifecycle<\/h3>\n\n\n\n<p>You will lead the readiness and ongoing maintenance of <strong>SOC 2 Type I and Type II<\/strong> reports. 
This involves constant evidence collection, control testing, and acting as the central liaison for external auditors during the examination window.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance Automation (Drata\/Vanta)<\/h3>\n\n\n\n<p>A primary task is the administration and optimization of platforms like <strong>Drata<\/strong> or <strong>Vanta<\/strong>. You will configure these tools to monitor your cloud environment (AWS\/Azure\/GCP) in real time, mapping technical configurations to specific compliance controls.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">GRC &amp; Risk Management<\/h3>\n\n\n\n<p>You will support internal GRC functions by conducting <strong>risk assessments<\/strong>, managing the policy lifecycle, and implementing control frameworks like <strong>NIST or ISO 27001<\/strong>. You&#8217;ll collaborate with engineering and IT to ensure that security controls are enforceable and integrated into their existing workflows.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Metrics &amp; Reporting<\/h3>\n\n\n\n<p>You are responsible for monitoring compliance KPIs and preparing executive-level reporting for leadership and the board, demonstrating the health and maturity of the security program.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Required Qualifications<\/h2>\n\n\n\n<p>The organization is looking for a GRC specialist who is comfortable in a high-growth, technically fluid environment.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Experience:<\/strong> 3+ years in cybersecurity, compliance, or GRC.<\/li>\n\n\n\n<li><strong>Specialization:<\/strong> Hands-on experience with SOC 2 audits and the use of automated compliance platforms (Vanta, Drata, etc.).<\/li>\n\n\n\n<li><strong>Framework Knowledge:<\/strong> Strong grasp of risk management frameworks and the technical implementation of security controls.<\/li>\n\n\n\n<li><strong>Auditor Relations:<\/strong> Proven 
experience managing external auditors and coordinating the &#8220;Pull List&#8221; for evidence.<\/li>\n\n\n\n<li><strong>Certifications (Plus):<\/strong> CISA (Certified Information Systems Auditor), CISSP, or CRISC.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Bonus Points<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Environment:<\/strong> Experience in <strong>Cloud-native or SaaS<\/strong> environments.<\/li>\n\n\n\n<li><strong>Broad Compliance:<\/strong> Familiarity with <strong>HIPAA, GDPR, or ISO 27001<\/strong>.<\/li>\n\n\n\n<li><strong>Culture:<\/strong> Previous experience in a startup or fast-growing tech company where agility is key.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Why This Role is Unique<\/h2>\n\n\n\n<p>This isn&#8217;t a &#8220;paperwork&#8221; compliance job. Because it relies on tools like <strong>Vanta and Drata<\/strong>, the role is more about <strong>Technical GRC<\/strong>\u2014monitoring APIs, checking cloud configurations, and working with engineers to automate evidence. It moves the needle from &#8220;annual audits&#8221; to &#8220;continuous compliance.&#8221;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is a full-time, Experienced contract role based in the United States. The position is heavily focused on the modern &#8220;Compliance-as-Code&#8221; movement, specifically utilizing automation platforms to maintain high-trust standards like SOC 2. It is an ideal role for an analyst who understands the intersection of cloud-native engineering and rigorous regulatory auditing. 
\u200bKey Responsibilities: Automating [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"menu_order":0,"template":"","jobpost_category":[43],"jobpost_job_type":[39],"jobpost_location":[1041],"jobpost_tag":[1340,3963,3176,3423,1936,1252,81,1279,1032],"class_list":["post-866","jobpost","type-jobpost","status-publish","hentry","jobpost_category-it","jobpost_job_type-remote","jobpost_location-united-states","jobpost_tag-cloud-security","jobpost_tag-compliance-automation","jobpost_tag-cybersecurity-analyst","jobpost_tag-drata","jobpost_tag-grc","jobpost_tag-nist","jobpost_tag-remote","jobpost_tag-soc-2-2","jobpost_tag-vanta"],"_links":{"self":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost\/866","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost"}],"about":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/types\/jobpost"}],"author":[{"embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/users\/1"}],"wp:attachment":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/media?parent=866"}],"wp:term":[{"taxonomy":"jobpost_category","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_category?post=866"},{"taxonomy":"jobpost_job_type","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_job_type?post=866"},{"taxonomy":"jobpost_location","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_location?post=866"},{"taxonomy":"jobpost_tag","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_tag?post=866"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}