Note: The job is a remote job and is open to candidates in USA. Calendly is a rapidly growing company that provides scheduling software solutions. As a Senior Compliance and Risk Analyst, you will own and mature the compliance program, ensuring certifications like SOC 2 and ISO 27001 while developing scalable processes that support the business's growth.
Responsibilities
- Own and manage the organization's compliance program, including SOC 2 and ISO 27001 readiness, certification, and ongoing maintenance
- Develop and execute a compliance roadmap aligned with business objectives, regulatory requirements, and organizational risk appetite
- Lead internal and external audits by coordinating evidence collection, managing auditor relationships, and driving timely remediation of findings
- Monitor changes in regulatory and industry frameworks, assessing their impact on the organization's compliance program
- Own the enterprise risk management process, including risk identification, assessment, treatment planning, and ongoing monitoring
- Conduct periodic risk assessments and partner with stakeholders to identify control gaps and prioritize remediation activities
- Develop and present compliance metrics, risk dashboards, and executive reports for senior leadership
- Design, document, and improve internal controls aligned with SOC 2, ISO 27001, and other applicable frameworks
- Lead control testing, including evidence collection, effectiveness validation, remediation tracking, and continuous improvement
- Expand and mature the organization's common controls framework to support evolving compliance requirements
- Administer and optimize compliance automation platforms, improving workflow efficiency and reducing manual effort
- Perform User Access Reviews (UARs) and support continuous compliance monitoring through automation and reporting
- Partner with Engineering, Security, Product, Legal, HR, and Operations to integrate compliance into business processes and product development
- Develop training, playbooks, and self-service resources that empower teams to meet compliance requirements efficiently
- Manage multiple compliance initiatives simultaneously while ensuring projects remain on schedule and stakeholders stay informed
Skills
- 5+ years of experience in compliance, risk management, audit, or Governance, Risk, and Compliance (GRC) roles within a technology or SaaS environment
- Experience owning or leading compliance programs supporting frameworks such as SOC 2 and ISO 27001
- Working knowledge of security and privacy frameworks including NIST, ISO 27001, GDPR, and HIPAA
- Experience administering compliance automation platforms such as Drata, Vanta, Tugboat Logic, or similar solutions
- Experience performing User Access Reviews (UARs) using GRC or compliance automation platforms
- Strong understanding of internal controls, risk assessment methodologies, and audit processes
- Demonstrated ability to manage multiple initiatives and deliver results in a fast-paced environment
- Excellent project management, analytical, and problem-solving skills
- Strong communication skills with the ability to translate technical and regulatory requirements into practical business solutions
- Proven ability to collaborate effectively with technical and non-technical stakeholders across the organization
- Experience leveraging AI to improve compliance processes or automate workflows
- Experience scaling compliance programs within a high-growth SaaS organization
- Hands-on experience developing or expanding a common controls framework
- Advanced expertise configuring compliance automation platforms, including integrations, custom controls, and reporting
- Familiarity with additional compliance frameworks such as PCI DSS, FedRAMP, or other industry standards
- Experience developing compliance training, awareness programs, or self-service enablement resources
- Professional certifications such as CISA, CRISC, CISSP, CCSK, or equivalent
Benefits
- All full-time (30 hours/week) employees are also eligible for our Top Performer Bonus program (or Sales incentive)
- Equity awards
- Competitive benefits
Company Overview