Senior Compliance Advisor (Remote)

Posted:
12/17/2024, 8:53:23 AM

Experience Level(s):
Senior

Field(s):
Legal & Compliance

As a Senior Compliance Advisor at Drata, you are a customer-facing information security and compliance expert for the world’s most advanced security and compliance automation platform. Senior Compliance Advisors execute within the Customer Success function at Drata and work closely with all teams to drive fast and smooth audit readiness programs, create and deliver best practices in meeting requirements for control and privacy frameworks, and advocate on behalf of customers’ needs for a rapidly growing platform. You’ll build trust and empathy with Drata’s customers as you advise them toward a continuous and self-sufficient security, risk and compliance posture.

This position must work standard business hours in the Pacific Time Zone.

What you’ll do:

  • Advise customers in building information security policies, uploading evidence for controls and overall audit readiness as they prepare for audits and assessments against SOC2, ISO 27001/270002, HIPAA, PCI,  NIST 800-171, CMMC, FedRAMP, GDPR, CCPA, etc.
  • Primarily serve as a compliance expert via tickets and chat, in customer-facing meetings, via email and executable work for customers, and to members of our Customer Success teams.
  • Lead the development and present on GRC industry best-practices and on common compliance questions received from customers for both external and internal audiences.
  • Lead ongoing internal learning and success of our team by sharing knowledge through mentorship, research, and internal presentations.
  • Host customer-facing webinars to answer questions on audit and GRC best practices
  • Review marketing articles and blog posts for accuracy as needed.
  • Partner with Customer Success and Account Managers in providing current customers with additional compliance advisory services as needed.
  • Assist with internal GRC initiatives, such as internal audits and other compliance initiatives.
  • Engage with the Sales team, as needed, with responding to prospective customer questions.

What you’ll bring:

  • Must have 4 - 6 years of experience in performing audits and assessments for compliance programs based on SOC2 and ISO 27001/270002
  • The ideal candidate will have exposure and experience in additional frameworks such as HIPAA, PCI, GDPR, CMMC, FedRAMP, CCPA, or other major compliance and controls regulations and framework
  • Strong background and understanding of GRC (Governance, Risk, and Compliance) programs, processes, functions, and operational teams, and helping organizations design, build, and operate their risk, security, and compliance programs
  • Familiarly with GRC tools and/or cybersecurity technologies. GRC, compliance, and automation are a plus.
  • While not required, previous experience at consulting, audit, and advisory firms or at GRC/cybersecurity technology companies, is highly preferred.
  • Proven self-starter able to identify priorities, take ownership of work, and learn and advise on new compliance frameworks quickly.
  • An ability to develop and cultivate positive relationships with customers - make their day by providing the best possible guidance and customer experience
  • Desire to work at a rapidly growing startup with a team-player mindset, building and creating something from the ground up.
  • A proactive approach to managing your workload and day and ability to prioritize many different tasks and levels of responsibility
  • Constant ability to iterate and improve upon existing processes - challenge the status quo and improve upon the current state
  • A strong ability to work within a high-speed and high-volume environment 

Benefits:

  • Healthcare: 90-100% paid premiums for medical, dental, and vision plans for employee and dependents + on demand health care concierge
  • HSA, FSA, & DCFSA: Pre-tax savings plans for healthcare and dependent care, with up to a $600 annual employer contribution to the HSA plan (if enrolled in HSA medical plan)
  • 100% paid short and long term disability plus life + AD&D benefits
  • Learning & Development: $500 annually towards professional development opportunities + $250 annually towards personal development opportunities
  • Flexible Time Off: Flexible vacation policy for strong, fully charged batteries
  • 16 Weeks Paid Parental Leave: An inclusive policy to ensure you have time with your newborn, newly adopted, or foster child
  • Work Remotely: Flexible hours and work from home + $1,000 annually to cover necessary business related items for your home office
  • 401K: Reach your financial goals while reducing your taxes

This role will receive a competitive base salary, variable compensation, benefits, and stock, typically in the form of Restricted Stock Units (RSUs). The applicable range of On-Target Earnings (OTE) for each US-based role is based on where the employee works and is aligned to one of 3 tiers based on the cost of labor for that geographic area. The expected OTE ranges for this role are set forth below, subject to change. 

Tier 1: $121,600 - $150,200

Tier 2: $109,400 - $135,100

Tier 3: $97,200 - $120,100

You can view which tier applies to where you plan to work here. A variety of factors are considered when determining someone’s leveling and compensation–including a candidate’s professional background and experience. These ranges may be modified in the future and final offer amounts may vary from the amounts listed above.


 

Drata is on a mission to help build trust across the internet.

Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company's security controls, while streamlining compliance workflows end-to-end to ensure audit readiness.

We all recognize the importance of earning and keeping the trust of our customers when it comes to protecting their data. We've felt firsthand how burdensome achieving and maintaining a strong security and compliance posture can be at a fast-growing company. It’s a manual, redundant, error-prone, and unscalable process - and it only grows more complex and expensive over time.

Our team of SaaS, security, compliance, and audit experts have built a better way - with automation.

Employment at Drata is based solely upon individual merit and qualifications directly related to professional competence. We strictly prohibit unlawful discrimination or harassment on the basis of race, color, religion, veteran status, national origin, ancestry, pregnancy status, sex, gender identity or expression, age, marital status, mental or physical disability, medical condition, sexual orientation, or any other characteristics protected by law. We also make reasonable accommodations to meet our obligations under laws protecting the rights of the disabled.