# Senior Compliance and Risk Analyst

**Company:** [Calendly](https://hotfix.jobs/companies/calendly)
**Location:** Remote
**Role:** Other
**Salary:** $165k – $233k/yr
**Experience:** 5+ years
**Skills:** SOC 2, ISO 27001, Nist, GDPR, HIPAA, GRC, Drata, Vanta, Risk Assessment, Internal Controls, Audit Management, Compliance Automation
**Posted:** 2026-06-29

> Senior Compliance and Risk Analyst responsible for owning and maturing SOC 2, ISO 27001 and enterprise risk programs at a high-growth SaaS company. Leads audits, automates controls using platforms like Drata/Vanta, performs risk assessments, and embeds compliance into engineering and business processes.

## Job Description

## Responsibilities
- Own and manage the organization's compliance program, including SOC 2 and ISO 27001 readiness, certification, and ongoing maintenance.
- Develop and execute a compliance roadmap aligned with business objectives, regulatory requirements, and organizational risk appetite.
- Lead internal and external audits by coordinating evidence collection, managing auditor relationships, and driving timely remediation of findings.
- Monitor changes in regulatory and industry frameworks, assessing their impact on the organization's compliance program.
- Own the enterprise risk management process, including risk identification, assessment, treatment planning, and ongoing monitoring.
- Conduct periodic risk assessments and partner with stakeholders to identify control gaps and prioritize remediation activities.
- Develop and present compliance metrics, risk dashboards, and executive reports for senior leadership.
- Design, document, and improve internal controls aligned with SOC 2, ISO 27001, and other applicable frameworks.
- Lead control testing, including evidence collection, effectiveness validation, remediation tracking, and continuous improvement.
- Expand and mature the organization's common controls framework to support evolving compliance requirements.
- Administer and optimize compliance automation platforms, improving workflow efficiency and reducing manual effort.
- Perform User Access Reviews (UARs) and support continuous compliance monitoring through automation and reporting.
- Partner with Engineering, Security, Product, Legal, HR, and Operations to integrate compliance into business processes and product development.
- Develop training, playbooks, and self-service resources that empower teams to meet compliance requirements efficiently.
- Manage multiple compliance initiatives simultaneously while ensuring projects remain on schedule and stakeholders stay informed.

## Requirements
- 5+ years of experience in compliance, risk management, audit, or Governance, Risk, and Compliance (GRC) roles within a technology or SaaS environment.
- Experience owning or leading compliance programs supporting frameworks such as SOC 2 and ISO 27001.
- Working knowledge of security and privacy frameworks including NIST, ISO 27001, GDPR, and HIPAA.
- Experience administering compliance automation platforms such as Drata, Vanta, Tugboat Logic, or similar solutions.
- Experience performing User Access Reviews (UARs) using GRC or compliance automation platforms.
- Strong understanding of internal controls, risk assessment methodologies, and audit processes.
- Demonstrated ability to manage multiple initiatives and deliver results in a fast-paced environment.
- Excellent project management, analytical, and problem-solving skills.
- Strong communication skills with the ability to translate technical and regulatory requirements into practical business solutions.
- Proven ability to collaborate effectively with technical and non-technical stakeholders across the organization.

## Nice-to-Haves
- Experience leveraging AI to improve compliance processes or automate workflows.
- Experience scaling compliance programs within a high-growth SaaS organization.
- Hands-on experience developing or expanding a common controls framework.
- Advanced expertise configuring compliance automation platforms, including integrations, custom controls, and reporting.
- Familiarity with additional compliance frameworks such as PCI DSS, FedRAMP, or other industry standards.
- Experience developing compliance training, awareness programs, or self-service enablement resources.
- Professional certifications such as CISA, CRISC, CISSP, CCSK, or equivalent.

## Similar roles

- [Strategic Intelligence Manager, Protective Intelligence](https://hotfix.jobs/jobs/f4da06b7-8107-43ce-a73b-306cbbedece2) - Coinbase - Remote - $166k – $196k/yr
- [Senior Manager, Public Policy, Texas](https://hotfix.jobs/jobs/79cd6694-0d08-4c3a-9002-b8a37070855e) - Airbnb - Texas - $164k – $205k/yr
- [Senior Video Editor](https://hotfix.jobs/jobs/a498f06b-bc16-4131-97a1-68cd3e59bafa) - Luma AI - Los Angeles, CA - $167k – $200k/yr
- [Operations Lead - Perception Data Labeling](https://hotfix.jobs/jobs/30f7f8e8-5d6c-4254-815d-87d25bc5976d) - Zoox - Boston, MA - $163k – $223k/yr
- [Senior Project Manager, Places & Build](https://hotfix.jobs/jobs/82e388a8-159a-497f-aac5-d4b96ffe7903) - Zoox - Foster City, CA - $163k – $196k/yr

**Apply:** https://hotfix.jobs/jobs/f292754f-a6df-4b0f-8fdb-77ee91f5d5f1
**Canonical:** https://hotfix.jobs/jobs/f292754f-a6df-4b0f-8fdb-77ee91f5d5f1