spellbook.legal - Compliance Analyst, US Compliance Programs
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Requirements
• Experience in compliance, security assurance, GRC, audit, risk management, privacy, or a related function — ideally supporting a SaaS, cloud, AI, legaltech, fintech, healthtech, or public sector environment. • Familiarity with security and compliance frameworks such as SOC 2, ISO 27001, NIST 800-53, NIST CSF, HIPAA, FedRAMP, TX-RAMP, or GovRAMP. • Hands-on experience collecting audit evidence, maintaining control documentation, tracking remediation, and supporting internal or external assessments. • Experience using compliance automation or GRC platforms such as Vanta, Linear, or similar tools. • Strong ability to read framework requirements, customer obligations, and regulatory guidance and convert them into actionable project plans. • Experience partnering with technical teams to understand systems, access controls, data flows, infrastructure, cloud environments, and security control implementation. • Excellent written and verbal communication skills, with the ability to explain compliance requirements in plain English to technical, legal, business, and executive audiences. • Highly organized and comfortable managing multiple compliance workstreams, deadlines, audits, and stakeholder dependencies at the same time. • Pragmatic at distinguishing high-priority compliance risks from lower-impact administrative issues, and able to move with urgency in ambiguous environments. • US Citizenship and a non-expired US Passport or state-issued REAL ID driver's license. • Experience supporting or implementing TX-RAMP, GovRAMP, FedRAMP, or other public sector cloud compliance initiatives. • Experience with HIPAA compliance, healthcare customer requirements, BAAs, ePHI safeguards, or healthcare security assessments. • Direct experience working with 3PAOs, external auditors, government assessors, or public sector procurement teams. • Experience with NIST 800-53 control mapping, SSPs, POA&Ms, continuous monitoring, authorization boundaries, customer responsibility matrices, or audit evidence packages. • Certifications such as CISA, CRISC, CISM, CISSP, CCSK, ISO 27001 Lead Implementer/Auditor, CIPP/US, or similar.
Responsibilities
• Implement and maintain US compliance program initiatives across government, healthcare, financial services, and enterprise SaaS customer requirements. • Drive readiness, implementation, and ongoing maintenance for frameworks such as TX-RAMP, GovRAMP, FedRAMP, HIPAA, SOC 2, and other security or privacy compliance obligations. • Manage compliance operations in platforms like Vanta — evidence collection, control monitoring, policy tracking, vendor documentation, employee compliance tasks, and audit-readiness workflows. • Coordinate with external auditors, assessors, consultants, legal advisors, and certification bodies through every phase of an engagement. • Lead government compliance initiatives, including control mapping, gap assessments, documentation packages, system descriptions, policy updates, and customer-facing compliance responses. • Maintain compliance artifacts including policies, procedures, risk registers, control narratives, system inventories, access reviews, training records, and audit evidence. • Track regulatory, framework, and customer requirement changes and translate them into practical updates to internal controls and workflows. • Partner with Sales and Customer Success on security questionnaires, public sector procurement requirements, and regulated customer due diligence. • Define repeatable compliance workflows for intake, triage, ownership, escalation, documentation, reporting, and remediation. • Use AI, automation, and compliance tooling to reduce manual work, improve evidence quality, and accelerate program execution.
Benefits
• Embrace autonomy and accountability in a flexible work environment; we focus on outcomes and empower you to determine how to get the job done • Access our company-paid group benefits for you and your family, with $1,000 towards mental health support • Disconnect during our holiday closure and take advantage of our generous time off policies throughout the year • Enjoy monthly paid meals, an annual wellness allowance to support your well-being and parental leave top-ups as your family grows • Secure your stake in our success; you’ll receive competitive stock option grants as a pivotal early employee • INCLUSIVE HIRING AT SPELLBOOK • Spellbook uses industry benchmark data to establish compensation bands for all roles. The salary range listed for a position reflects the expected total wage range for the role—including base salary and on-target commissions, where applicable—and may span multiple career levels. Final compensation is determined during the interview process based on factors such as experience, skills, scope, and role level. In addition to base salary and applicable commissions, total rewards may include equity, health and wellness benefits, and other company programs. Full details will be shared during the interview process.
No credit card. Takes 10 seconds.