As an Analyst on Drata’s Compliance Team, you will be on the front lines building, monitoring, and maintaining Drata’s control environment. Your role will be key in managing Drata’s risks and continuously complying with Drata’s regulatory, contractual, and compliance obligations–all while supporting Drata’s rapid growth and development. In this role, the successful candidate will collaborate with system owners, product managers, engineers, technology team members, and business leaders to continuously improve our business processes and underlying business systems. This role will also focus heavily on automation–a core value of Drata–which includes leading the way in automating Drata’s GRC program.

Responsibilities:

• Monitor and maintain oversight of Drata’s security and automation platform–including troubleshooting and working with internal teams to resolve continuous compliance monitoring alerts on an ongoing basis.
• Perform reviews on current and prospective vendors as part of our Third Party Risk Management program.
• Conduct annual risk assessments and quarterly risk reviews with department leads to identify and mitigate potential organizational risks.
• Support Drata’s amazing Sales and Customer Success teams by responding to any customer due diligence security questionnaires.
• Monitor the effectiveness of and propose improvements to Drata’s compliance program, control monitoring tests, control processes, risk mitigation plans, and policy compliance.
• Document new systems and business processes, including data maps, architecture diagrams, and process flow diagrams.
• Perform compliance readiness assessments, internal audits, and liaise and support external audits.
• Escalate issues to senior management, develop and negotiate remediation plans and track issues to resolution.

Qualifications:

• Bachelor's Degree in Information Systems, Information Technology, or related field.
• 2+ years of experience in compliance, risk management, or security related role.
• Experience implementing and demonstrating understanding of various regulatory and compliance frameworks, including but not limited to SOC1, SOC2, SOC2, ISO2700x, HIPAA, GDPR, and NIST.
• Hands-on experience in scoping, planning, and executing audits and projects.
• Knowledge of, or experience working with cloud technologies and environments.
• Comfortable taking initiative and accepting responsibility for assigned tasks under minimal supervision
• Effective verbal and written communication skills.
• Have a desire to learn and work with internal teams to build feature updates and improvements to our product.
• Familiarity with GRC solutions, tools, and technologies.
• Relevant certifications are a plus (e.g., CISA, CISM, CRISC, CISSP, CIPP/US/US).
• Familiarity with Common Controls Framework (CCF) is a plus.
• Big Four experience preferred.