CompanyCam | Engineering

Security & Compliance Analyst

You must live and work permanently in the U.S. | $110,000 - $125,000 per year | Posted 14 days ago

The Security & Compliance Analyst at CompanyCam is responsible for managing the company's compliance monitoring program, aligning frameworks like NIST CSF 2.0 and SOC 2 Type II, and translating security data into actionable risk insights. This role acts as a bridge between technical teams and business leadership to ensure continuous compliance without hindering operations.

Location: You must live and work permanently in the U.S.

Salary: $110,000 - $125,000 per year

Responsibilities

  • Administer CompanyCam's Vanta Professional instance, maintaining automated test coverage, resolving broken integrations, and keeping the compliance dashboard accurate and up to date
  • Own our NIST CSF 2.0 and SOC 2 Type II framework alignment, mapping controls efficiently across both frameworks and closing gaps as they surface
  • Identify and route compliance gaps, triaging remediation tasks to the right owners and tracking through to resolution
  • Maintain evidence libraries and audit trails required for SOC 2 Type II readiness and annual audits
  • Prepare risk reporting for the Enterprise Risk Committee, translating technical vulnerabilities and control gaps into clear, prioritized business risk language
  • Own the risk register, supporting risk scoring, trending, and remediation tracking alongside the Security & Compliance Lead
  • Conduct vendor security assessments and maintain the third-party risk inventory
  • Own the intake and response process for inbound security questionnaires from customers and partners
  • Act as the cross-functional liaison between Security & Compliance and engineering, IT, and business teams on compliance obligations and remediation timelines
  • Support security awareness initiatives, user access reviews, and ongoing compliance program activities

Requirements

  • 3 to 5 years of experience in GRC, security compliance, or information security
  • Hands-on experience with Vanta (or a comparable platform like Drata or Tugboat Logic), including keeping automated evidence collection running and troubleshooting when things break
  • Direct experience with a SOC 2 Type II audit lifecycle, from readiness all the way through report issuance
  • Working knowledge of NIST CSF 2.0 and the ability to map controls across multiple frameworks
  • Enough cloud infrastructure knowledge to have a real conversation with an engineer about control implementation (you don't need to build it, just understand it)
  • Strong analytical skills, with the ability to take raw vulnerability data and turn it into something a non-technical leader can understand and act on
  • A growth mindset, with a focus on learning, embracing challenges, and continuously improving
  • A knack for creativity and innovation, bringing fresh ideas to the table and solving complex problems

Benefits

  • Starting salary range of $110,000 - $125,000 per year, based on experience
  • Meaningful equity and other benefits

Additional Information

  • This is a salaried position at CompanyCam.
  • CompanyCam is an equal-opportunity employer committed to respect, inclusion, and growth.
  • Applicants are encouraged to apply regardless of background or experience.
  • For accommodations or technical issues, email jobs@companycam.com.
  • Resumes sent to this email will not be reviewed; applications must be submitted through the careers page.

Source: himalayas
