This Compliance Analyst role at Harvey involves owning and maintaining compliance documentation, coordinating evidence collection, and supporting third-party assessments. The role requires hands-on compliance work, close collaboration with Engineering and Security teams, and a detail-oriented approach to ensure program health and continuous monitoring.
99k – 149k/yr
Hybrid3+ YOESecurity Engineering
About the role
What You'll Do
Own and maintain core compliance documentation — including compliance packages and security assessment reports — keeping them accurate and audit-ready
Coordinate evidence collection across Engineering, Infrastructure, and Security for regulated assessments
Support third-party assessor engagements end-to-end: scheduling, preparing teams, triaging findings, and drafting responses
Conduct gap analyses against applicable frameworks and produce remediation tracking artifacts teams can act on directly
Manage continuous monitoring activities including control reviews, change notifications, and incident documentation to maintain compliance status
Partner with Engineering and Security to validate control implementations and translate regulatory language into testable technical configurations
What You Have
3–5+ years in information security compliance with hands-on exposure to government and industry frameworks in a SaaS or cloud environment
Solid working knowledge of applicable government compliance frameworks; ability to map controls to technical implementations and evaluate evidence quality
Experience maintaining compliance documentation and tracking remediation activities; familiarity with compliance automation tooling
Exceptional attention to detail — able to manage multiple concurrent workstreams and keep documentation aligned with a dynamic cloud environment
Clear communicator: able to write crisp control implementation statements and explain compliance requirements to engineering audiences
Compensation
$99,200 - $148,800
Skills
Information Security ComplianceGovernment Compliance FrameworksSaaSCloud EnvironmentsCompliance Automation Tooling
Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.
100k – 140k/yr
RemoteSecurity Engineering
Security Engineer, Application Security
Trail of BitsUnited States
Conduct low-level code security assessments, architecture reviews, and threat modeling for client applications. Build custom security tools bridging vulnerability research and application security. Requires manual code review, binary analysis, and programming proficiency in multiple languages.
100k – 200k/yr
Remote5+ YOESecurity Engineering
Security Engineer (Security Operations, Zero Trust)
BlackCloakUnited States
Security Engineer focused on security operations, incident response, and Zero Trust implementation. Designs, deploys, and supports security tools like SIEM, EDR, and Cloudflare; triages alerts, automates responses, and collaborates on cloud/IAM security. Requires 3-5 years experience in cloud-native security engineering.
100k – 140k/yr
Remote3+ YOESecurity Engineering
GRC Program Manager
AstraUnited States
Owns end-to-end execution of GRC programs including SOC 1/2, PCI DSS, and ISO 27001 audits, control design, risk assessments, and vendor management. Partners with engineering to implement technical controls and documentation for scalable compliance in fintech.
95k – 135k/yr
Remote3+ YOESecurity Engineering
Security Engineer II
MetropolisLos Angeles, CA
Security Engineer II responsible for monitoring security alerts, responding to incidents, administering enterprise security tools, and supporting cloud and identity security initiatives. Requires 3+ years in cybersecurity or related fields with strong scripting and troubleshooting skills.