Airitos, LLC

Compensation

Full Description

Job Title: Cybersecurity & Compliance Analyst (SOC 2 / GRC / Audit) Role Overview: The Cybersecurity & Compliance Analyst will lead and support efforts around SOC 2 compliance, governance risk and compliance (GRC) initiatives, and third-party audits. You will use tools such as Drata and Vanta to automate and manage compliance workflows, and work cross-functionally with stakeholders across engineering, product, legal, and leadership. Key Responsibilities: • Manage and maintain SOC 2 Type I and Type II readiness and ongoing compliance, including evidence collection and control testing • Administer and optimize compliance automation platforms such as Drata and Vanta • Support internal GRC functions including risk assessments, policy management, and control framework implementation (e.g., NIST, ISO 27001) • Coordinate and support external audit processes; act as a key liaison with auditors • Collaborate with engineering and IT to implement and enforce security controls • Monitor compliance KPIs and prepare reporting for leadership and board-level audiences • Stay informed about evolving regulatory requirements and security best practices Qualifications: • 3+ years of experience in cybersecurity, compliance, or GRC-related roles • Hands-on experience with SOC 2 audits and continuous compliance workflows • Familiarity with Drata, Vanta, or similar compliance automation tools • Strong understanding of risk management frameworks and security controls • Experience managing third-party audits and working with external auditors • Excellent organizational, documentation, and communication skills • Industry certifications such as CISA, CISSP, or CRISC are a plus Bonus Points For: • Experience working in cloud-native or SaaS environments • Familiarity with ISO 27001, HIPAA, or GDPR compliance • Previous experience in a startup or fast-growing tech company