Senior Staff Security Governance & Compliance Analyst

Diligent


Job Location: Bengaluru - India
Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

About the Role

We are looking for a sharp, automation-first Compliance Engineer to join our Governance, Risk & Compliance (GRC) team. In this role you will own the technical side of our compliance programme: designing and operating systems that continuously verify our security controls, collect evidence automatically, and keep us audit-ready at all times.

You will work at the intersection of security engineering and regulatory compliance, leveraging AI-powered and agentic tooling to replace manual, point-in-time audit work with real-time, scalable assurance. If you love turning compliance from a periodic scramble into an always-on engineering discipline, this role is built for you.

Key Responsibilities

Compliance Automation & Continuous Assurance

  • Design, build and maintain automated pipelines for controls testing across SOC 2 Type II, ISO 27001 and other applicable frameworks.
  • Develop scripts, integrations and workflows that continuously collect, validate and store compliance evidence from cloud infrastructure, SaaS tools, CI/CD pipelines and endpoint systems.
  • Implement AI and agentic tools (e.g. LLM-based classification, autonomous agents) to interpret data, flag control deviations and draft audit narratives, reducing manual effort.
  • Build and maintain a compliance-as-code library so controls are versioned, testable and auditable.

Frameworks & Audit Readiness

  • Serve as an internal SME for SOC 2 (Trust Services Criteria) and ISO 27001 / 27701 control mapping.
  • Maintain a continuously updated control inventory and evidence repository, ready for external auditor review at any point in the year.
  • Coordinate with external auditors during annual assessments; own the evidence pack preparation and auditor Q&A.
  • Identify control gaps through automated gap assessments and drive remediation with engineering and product teams.

GRC Programme Development

  • Contribute to the design and evolution of the company's internal assurance programme, including risk assessment methodologies and control effectiveness metrics.
  • Develop dashboards and executive-level reporting that show real-time compliance posture across all frameworks.
  • Advise on vendor and third-party risk assessments, including security questionnaire automation.
  • Stay current on emerging regulations and integrate new requirements into the automation stack.

Required Qualifications

Experience

  • 5 years of experience in information security, with a minimum of 3 years focused on GRC, compliance engineering or security assurance.
  • Demonstrable experience designing or operating a SOC 2 or ISO 27001 compliance programme, including evidence collection and audit support.
  • Hands-on experience writing automation scripts (Python, NodeJS or similar) to interact with cloud APIs (AWS, GCP or Azure), SaaS platforms or SIEM/log aggregation tools.
  • Experience integrating AI or ML tooling into operational workflows, including working with LLM APIs, prompt engineering or building agentic pipelines using frameworks.

Certifications (at least one required)

  • CISSP (Certified Information Systems Security Professional)
  • CISA (Certified Information Systems Auditor)
  • CISM (Certified Information Security Manager)
  • ISO 27001 Lead Auditor or Lead Implementer
  • CompTIA Security+ or equivalent (acceptable as a secondary certification)

Technical Skills

  • Proficiency in Python for automation; familiarity with REST APIs, webhooks and data pipelines.
  • Working knowledge of cloud-native security services (AWS Config, AWS Security Hub, Azure Policy, GCP SCC) and how they map to compliance controls.
  • Experience with GRC platforms (Vanta, Drata, Tugboat Logic, OneTrust or equivalent) and ideally extending them via API or custom integrations.
  • Understanding of IAM, encryption, logging, vulnerability management and change management controls in a cloud-first environment.

Preferred Qualifications

  • Experience building agentic workflows where an AI system autonomously gathers evidence, tests controls and surfaces exceptions with minimal human intervention.
  • Background in a high-growth SaaS, fintech or B2B technology company where compliance was a commercial differentiator.
  • Experience with Infrastructure-as-Code tools (Terraform) and how policy guardrails integrate with deployment pipelines.

About Us

Diligent is the AI leader in governance, risk and compliance (GRC) SaaS solutions, helping more than 1 million users and 700,000 board members to clarify risk and elevate governance. The Diligent One Platform gives practitioners, the C-Suite and the board a consolidated view of their entire GRC practice so they can more effectively manage risk, build greater resilience and make better decisions faster.

At Diligent, we're building the future with people who think boldly and move fast. Whether you're designing systems that leverage large language models or part of a team reimagining workflows with AI, you'll help us unlock entirely new ways of working and thinking. Curiosity is in our DNA: we look for individuals willing to ask the big questions and experiment fearlessly - those who embrace change not as a challenge but as an opportunity. The future belongs to those who keep learning, and we are building it together. At Diligent you're not just building the future - you're an agent of positive change, joining a global community on a mission to make an impact.

Learn more or follow us on LinkedIn and Facebook.

What Diligent Offers You

  • Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be done differently, both in our internal processes and to help our clients.
  • We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting-free days, a generous time off policy and wellness programs, to name a few.
  • We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore and Sydney.
  • Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue and foster understanding.

Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability and to lead with purpose. Our employees are passionate, smart and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place.

Headquartered in New York, Diligent has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, Singapore and Sydney. To foster strong collaboration and connection, this role will follow a hybrid work model. If you are within commuting distance of one of our Diligent office locations, you will be expected to work onsite at least 50% of the time. We believe that in-person engagement helps drive innovation, teamwork and a strong sense of community.

We are a drug-free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including but not limited to cancer-related or HIV/AIDS-related), genetic information or sexual orientation, in accordance with applicable federal, state and local law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at .

To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.


Required Experience:

Staff IC


About Company


Diligent, a modern governance company, is the only comprehensive governance software provider featuring tools to improve and simplify modern day governance.
