Senior Compliance Analyst

Get to Know Us

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find, fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by IT Ops/SecOps teams, consulting pentesters, and MSSPs and MSPs.

We are a fusion of former U.S. Special Operations cyber operators, startup engineers & operators, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools and false positives, resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn it alls, committed to a culture of respect, collaboration, ownership, and results.

As a remote first company, we require minimum 25Mbps consumer grade broadband connection.

What You’ll Do

We are seeking a skilled Senior Compliance Analyst with strong experience in Governance, Risk, and Compliance (GRC) to join our growing Security team. As a cybersecurity company, we take compliance, privacy, and third-party risk seriously. This role will serve as a subject matter expert for compliance and data privacy, and will play a critical role in maintaining trust with customers, regulators, and partners. You will manage inbound customer security requests, lead audit preparation activities, and drive continuous improvements in our compliance program.

This role is instrumental in helping us scale and mature our Compliance and Data Privacy capabilities while maintaining a strong security posture across the organization.

This role will be responsible for…..

• Compliance & Audit Management

  • Serve as the internal lead for SOC 2 Type II compliance efforts, including control mapping, evidence collection, and audit coordination.

  • Maintain and improve the control environment to ensure continuous compliance with SOC 2 and other applicable frameworks such as but not limited to ISO:27001, NIST AI RMF, DORA, and NIST 800-53.

  • Collaborate with cross-functional teams (Engineering, IT, Legal, HR) to implement and validate control requirements.

• Data Privacy Compliance

  • Oversee the organization’s privacy program to ensure compliance with GDPR, CCPA/CPRA, EU AI Act, and emerging U.S. state data privacy laws.

  • Maintain records of processing activities (RoPAs), manage data subject access requests (DSARs), and conduct privacy impact assessments (PIAs).

  • Work closely with Legal and Product teams to advise on privacy-by-design and ensure data minimization and transparency practices.

• Vendor Risk Management

  • Own and manage the third-party risk management lifecycle, including onboarding reviews, periodic reassessments, and contract/privacy reviews.

  • Conduct security and privacy due diligence on new vendors and partners supporting the SaaS product.

  • Maintain a current inventory of vendors, subprocessors, and associated risk assessments.

• Customer Assurance

  • Serve as the primary point of contact for responding to customer security questionnaires, RFPs, and due diligence requests.

  • Leverage existing documentation (e.g., SOC 2 report, pen test, whitepapers, DPA) and collaborate with technical teams to provide accurate and timely responses.

  • Assist Sales, Customer Success, and Legal with deal acceleration by enabling trust in our security and compliance posture.

What You’ll Bring

• 4–6+ years of experience in security compliance, risk, or privacy—preferably in a B2B SaaS or cybersecurity company.

• Deep understanding of compliance frameworks (e.g., SOC2, ISO:27001, NIST AI RMF, NIST 800-53, etc.) and experience leading annual audits.

• Expertise in GDPR, CCPA/CPRA, EU AI Act, and emerging U.S. data privacy laws.

• Strong working knowledge of third-party risk management practices and vendor due diligence processes.

• Experience responding to security questionnaires, RFPs, and customer audits.

• Familiarity with common SaaS infrastructure (e.g., AWS, Okta, MDM, SIEM, DLP, etc.).

• Excellent communication skills and the ability to translate complex compliance concepts for both technical and non-technical stakeholders.

• Certifications such as CIPP/US, CIPT, CISA, CRISC, or ISO Lead Implementer are a strong plus.

What Sets You Apart?

• You’ve led multiple SOC 2 Type II audits from start to finish and know how to navigate both the auditor's requirements and the business's operational realities.

• You have a deep working knowledge of global and U.S. privacy laws, including GDPR, CCPA/CPRA, and stay ahead of the evolving regulatory landscape.

• You're a trusted partner across Sales, Legal, Security, and Engineering—balancing compliance rigor with practical business execution.

• You’ve built or managed a vendor risk management program and know how to evaluate technical controls, assess privacy risk, and communicate findings clearly.

• When faced with a massive security questionnaire or RFP, you know how to cut through complexity, collaborate with SMEs, and deliver confident, timely responses.

• You hold industry-recognized certifications like CIPP/US, CISA, or ISO 27001 Lead Implementer, demonstrating your commitment to professionalism and subject matter expertise..

Compensation and Values

At Horizon3, we believe that our people are our greatest asset, and our compensation philosophy reflects this core value. We are committed to fostering an environment where all employees feel valued, respected, and rewarded for their contributions. Our compensation structure is designed to be fair, competitive, and transparent, ensuring that every team member is recognized and compensated equitably across roles, levels, and locations.

In accordance with various State’s transparency regulations, we provide the following salary range information for this position:

• Base salary range: $90,000 - $130,000 annually. The exact salary will be determined based on the selected candidate’s location, qualifications, experience, and relevant skills.

• Additional compensation: All full-time roles are eligible for an equity package in the form of stock options.

Perks of Horizon3.ai

• Inclusive Team: We value diversity and promote an inclusive culture where everyone can thrive.

• Growth Opportunities: Be part of a dynamic and growing team with numerous career development opportunities.

• Innovative Culture: Work in a collaborative environment that encourages creativity and out-of-the-box thinking.

• Remote Work: We are a 100% remote company. Enjoy the flexibility to work in the way that supports you and brings out your best.

• Competitive Compensation: We offer competitive salary, equity and benefits. Our benefits include health, vision & dental insurance for you and your family, a flexible vacation policy, and generous parental leave.

You Belong Here

Horizon3 is not just an equal opportunity employer - we are a community that values diversity, equity, and inclusion as fundamental principles of our culture and success. We are dedicated to fostering a workplace where everyone feels welcome and respected, regardless of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, hair length or any other legally protected status by law.

Our commitment to diversity and inclusion means we strive to attract, develop, and retain a workforce that reflects the varied communities we serve. We believe that diverse perspectives drive innovation and strengthen our ability to create cutting-edge cybersecurity solutions. At Horizon3, every team member is valued and supported in an environment that encourages personal and professional growth.

We welcome candidates from all backgrounds and experiences, and we encourage all qualified individuals to apply. Come be a part of Horizon3, where your unique contributions are recognized, and your potential is limitless.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time with or without notice.

Application Note

In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.