Horizon3 AI logo

Senior Compliance Analyst

Horizon3 AI
Full-time
Remote
United States
$90,000 - $130,000 USD yearly

About the Company
Get to Know Us. Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find, fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by IT Ops/SecOps teams, consulting pentesters, and MSSPs and MSPs.

We are a fusion of former U.S. Special Operations cyber operators, startup engineers & operators, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools and false positives, resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn-it-alls, committed to a culture of respect, collaboration, ownership, and results.

As a remote-first company, we require a minimum 25Mbps consumer-grade broadband connection.

What You’ll Do
We are seeking a skilled Senior Compliance Analyst with strong experience in Governance, Risk, and Compliance (GRC) to join our growing Security team. As a cybersecurity company, we take compliance, privacy, and third-party risk seriously. This role will serve as a subject matter expert for compliance and data privacy, and will play a critical role in maintaining trust with customers, regulators, and partners. You will manage inbound customer security requests, lead audit preparation activities, and drive continuous improvements in our compliance program. This role is instrumental in helping us scale and mature our Compliance and Data Privacy capabilities while maintaining a strong security posture across the organization.

Responsibilities

  • Compliance & Audit Management
    • Serve as the internal lead for SOC 2 Type II compliance efforts, including control mapping, evidence collection, and audit coordination.
    • Maintain and improve the control environment to ensure continuous compliance with SOC 2 and other applicable frameworks such as but not limited to ISO:27001, NIST AI RMF, DORA, and NIST 800-53.
    • Collaborate with cross-functional teams (Engineering, IT, Legal, HR) to implement and validate control requirements.
  • Data Privacy Compliance
    • Oversee the organization’s privacy program to ensure compliance with GDPR, CCPA/CPRA, EU AI Act, and emerging U.S. state data privacy laws.
    • Maintain records of processing activities (RoPAs), manage data subject access requests (DSARs), and conduct privacy impact assessments (PIAs).
    • Work closely with Legal and Product teams to advise on privacy-by-design and ensure data minimization and transparency practices.
  • Vendor Risk Management
    • Own and manage the third-party risk management lifecycle, including onboarding reviews, periodic reassessments, and contract/privacy reviews.
    • Conduct security and privacy due diligence on new vendors and partners supporting the SaaS product.
    • Maintain a current inventory of vendors, subprocessors, and associated risk assessments.
  • Customer Assurance
    • Serve as the primary point of contact for responding to customer security questionnaires, RFPs, and due diligence requests.
    • Leverage existing documentation (e.g., SOC 2 report, pen test, whitepapers, DPA) and collaborate with technical teams to provide accurate and timely responses.
    • Assist Sales, Customer Success, and Legal with deal acceleration by enabling trust in our security and compliance posture.

Requirements

  • 4–6+ years of experience in security compliance, risk, or privacy—preferably in a B2B SaaS or cybersecurity company.
  • Deep understanding of compliance frameworks (e.g., SOC2, ISO:27001, NIST AI RMF, NIST 800-53, etc.) and experience leading annual audits.
  • Expertise in GDPR, CCPA/CPRA, EU AI Act, and emerging U.S. data privacy laws.
  • Strong working knowledge of third-party risk management practices and vendor due diligence processes.
  • Experience responding to security questionnaires, RFPs, and customer audits.
  • Familiarity with common SaaS infrastructure (e.g., AWS, Okta, MDM, SIEM, DLP, etc.).
  • Excellent communication skills and the ability to translate complex compliance concepts for both technical and non-technical stakeholders.

Preferred Qualifications (Nice to Have)

  • Certifications such as CIPP/US, CIPT, CISA, CRISC, or ISO Lead Implementer are a strong plus.
  • You’ve led multiple SOC 2 Type II audits from start to finish and know how to navigate both the auditor's requirements and the business's operational realities.
  • You have a deep working knowledge of global and U.S. privacy laws, including GDPR, CCPA/CPRA, and stay ahead of the evolving regulatory landscape.
  • You're a trusted partner across Sales, Legal, Security, and Engineering—balancing compliance rigor with practical business execution.
  • You’ve built or managed a vendor risk management program and know how to evaluate technical controls, assess privacy risk, and communicate findings clearly.
  • When faced with a massive security questionnaire or RFP, you know how to cut through complexity, collaborate with SMEs, and deliver confident, timely responses.
  • You hold industry-recognized certifications like CIPP/US, CISA, or ISO 27001 Lead Implementer, demonstrating your commitment to professionalism and subject matter expertise.

Salary
Base salary range: $90,000 - $130,000 annually. The exact salary will be determined based on the selected candidate’s location, qualifications, experience, and relevant skills.

Additional Compensation
All full-time roles are eligible for an equity package in the form of stock options.

Benefits

  • Inclusive Team: We value diversity and promote an inclusive culture where everyone can thrive.
  • Growth Opportunities: Be part of a dynamic and growing team with numerous career development opportunities.
  • Innovative Culture: Work in a collaborative environment that encourages creativity and out-of-the-box thinking.
  • Remote Work: We are a 100% remote company. Enjoy the flexibility to work in the way that supports you and brings out your best.
  • Competitive Compensation: We offer competitive salary, equity and benefits. Our benefits include health, vision & dental insurance for you and your family, a flexible vacation policy, and generous parental leave.

Additional Information
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time with or without notice.

In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.

Category
Human Resources

Apply Now
Share this job:
Twitter Facebook Linkedin Email