Security & Compliance Analyst

Hi, we're CompanyCam. We're a simple-to-use photo documentation and productivity app for contractors of all commercial and home services industries. Packed with intuitive functionality, CompanyCam facilitates unparalleled communication and accountability across a contractor's entire business. We're committed to providing a consumer-grade, game-changing experience that helps our users build trust within their company and with their customers.

But don't let that corporate description fool you—the people behind our buttoned-up product are laid-back (but hardworking), genuine, and kickass, and you could be one of them!

The Role

Security and compliance at CompanyCam isn't a checkbox exercise. It's a business-critical function that sits at the intersection of engineering, product, and leadership, and this role is at the center of it. As our Security & Compliance Analyst, you'll own our continuous compliance monitoring program, administering our Vanta Professional instance, driving alignment across NIST CSF 2.0 and SOC 2 Type II, and translating raw security data into risk intelligence that leadership can actually act on. You'll be the connective tissue between technical teams and the business, keeping compliance moving without slowing anyone down. If you're someone who sees compliance as an asset rather than overhead, this one's for you.

Location: You must live and work permanently in the U.S. to be considered.

What You'll Do

- Administer CompanyCam's Vanta Professional instance, maintaining automated test coverage, resolving broken integrations, and keeping the compliance dashboard accurate and up to date
- Own our NIST CSF 2.0 and SOC 2 Type II framework alignment, mapping controls efficiently across both frameworks and closing gaps as they surface
- Identify and route compliance gaps, triaging remediation tasks to the right owners and tracking through to resolution
- Maintain evidence libraries and audit trails required for SOC 2 Type II readiness and annual audits
- Prepare risk reporting for the Enterprise Risk Committee, translating technical vulnerabilities and control gaps into clear, prioritized business risk language
- Own the risk register, supporting risk scoring, trending, and remediation tracking alongside the Security & Compliance Lead
- Conduct vendor security assessments and maintain the third-party risk inventory
- Own the intake and response process for inbound security questionnaires from customers and partners
- Act as the cross-functional liaison between Security & Compliance and engineering, IT, and business teams on compliance obligations and remediation timelines
- Support security awareness initiatives, user access reviews, and ongoing compliance program activities

The Impact You'll Have

At CompanyCam, your work makes a real impact. Whether you're writing code, supporting customers, or designing experiences, your contributions directly shape the product we deliver and the people we serve. We're building something that helps real people solve real problems—and we believe that kind of work is best done by a team that reflects the world around us.

In this role, you'll drive impact by:

- Keeping our compliance program running in real time, so we're always audit-ready and never scrambling when it counts
- Acting as the connective tissue between Security & Compliance and the rest of the business, making sure remediation actually gets done
- Protecting the trust our customers place in us by maintaining a rigorous vendor risk program and responding to security questionnaires with confidence
- Helping CompanyCam grow responsibly by building the compliance foundation that lets us pursue bigger deals and more sophisticated customers

What You'll Bring

- 3 to 5 years of experience in GRC, security compliance, or information security
- Hands-on experience with Vanta (or a comparable platform like Drata or Tugboat Logic), including keeping automated evidence collection running and troubleshooting when things break
- Direct experience with a SOC 2 Type II audit lifecycle, from readiness all the way through report issuance
- Working knowledge of NIST CSF 2.0 and the ability to map controls across multiple frameworks
- Enough cloud infrastructure knowledge to have a real conversation with an engineer about control implementation (you don't need to build it, just understand it)
- Strong analytical skills, with the ability to take raw vulnerability data and turn it into something a non-technical leader can understand and act on
- A continuous growth-mindset, with a focus on learning, embracing challenges, and continuously improving.
- A knack for creativity and innovation, bringing fresh ideas to the table and solving complex problems.

Benefits & Compensation

This is a salaried position at CompanyCam. Our starting salary range is $110,000 - $125,000 per year and is based on experience. We also offer meaningful equity and other benefits.

CompanyCam is an equal-opportunity employer committed to respect, inclusion, and growth. We work hard, take responsibility, and support each other. Great ideas come from all backgrounds, and we carefully consider every applicant without regard to personal characteristics or traits. Even if your work experience doesn't align perfectly, we encourage you to apply. What really matters to us is your potential, your passion, and your commitment to learning, innovation, and contributing meaningfully to our team.

For any accommodations or technical issues related to the online application or interview process, please email jobs@companycam.com and we'll respond promptly. Please do not include any medical or health information in your message.

Note: Resumes sent to this email will not be reviewed or responded to. To be considered for a position, you must apply directly through our careers page.