Cresta

Compliance Analyst

Cresta$160K — $180K *
US-AnywhereRemote in United States
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 4+ years in security governance, IT audit, or security compliance management
  • 3+ years of program management experience
  • Proven track record with external audits like SOC 2 Type II and HIPAA
  • Hands-on technical experience with software integrations
  • Familiarity with AWS, GCP, and Azure cloud environments
  • Strong relationship-building skills with business leads and regulators
  • Experience in fast-growing cloud-native SaaS startups

Responsibilities

  • Lead customer-facing security discussions and manage security review lifecycles
  • Conduct risk assessments to identify and address compliance gaps
  • Oversee SOC 2 Type II, ISO 27001/27701/42001, and PCI-DSS audit processes
  • Perform internal audits and maintain associated documentation
  • Assess compliance gaps as the company enters new markets
  • Provide security awareness training for new hires and ongoing staff
  • Enhance vendor risk management processes and frameworks

Benefits

  • Comprehensive medical, dental, and vision coverage
  • Flexible PTO policy
  • Paid parental leave for new parents
  • Retirement savings plan
  • Remote work setup budget
  • Wellness and communication stipend
  • In-office meal program and commuter benefits for onsite employees
Full Job Description
About the role:

Interested in defining how AI shapes the future of work? Cresta is on a mission to make every knowledge worker 100x as effective, 10x faster and 10x better. Cresta is focused on using AI to help the workforce, not replace them. Cresta uses our patented Expertise AI to uncover expert insights from every conversation and put those insights into action with real-time coaching during customer conversations. We're growing fast! Spun out of the Stanford AI lab and chaired by Google-X founder Sebastian Thrun, Cresta launched in 2020. Since then, we've grown revenue and our team by 300%! We've assembled a world-class team of AI and ML experts, go-to-market leaders, and top-tier investors and advisors including Andreessen Horowitz, Greylock Partners, Sequoia, and former AT&T CEO John Donovan. Our valued customers include brands like Intuit, Porsche, Adobe, and Dropbox and we have been recognized as a startup to watch by Business Insider, Forbes, and Gartner to name a few. We have huge ambitions and are looking for stellar candidates who have an entrepreneurial mindset and are excited to use cutting-edge AI to solve real-world business problems. Cresta is seeking a passionate individual with solid security engineering experience to support the security & compliance team and enable growing global data protection and cybersecurity efforts.

Responsibilities:
  • Lead and manage all customer-facing security conversations, partnering cross-functionally to ensure timely resolution of issues and seamless execution of the security review lifecycle within sales deals.
  • Perform risk assessments to identify gaps, come up with recommendations, and drive the gaps to remediation.
  • Streamline and lead SOC 2 Type II, ISO 27001/27701/42001, PCI-DSS, TISAX, HIPAA, and FedRAMP audit processes.
  • Perform internal audits and keep the necessary documentation updated as required for audits.
  • Perform risk assessments to identify gaps, come up with recommendations, and drive the gaps to remediation.
  • Streamline and lead SOC 2 Type II, ISO 27001/27701/42001, PCI-DSS, TISAX, HIPAA and FedRAMP audit processes.
  • Perform internal audits and keep the necessary documentation updated as required for audits.
  • Perform gap assessments against new regions and target industry markets to comply with compliance regulations as the company expands.
  • Conduct new-hire and annual security awareness training to educate personnel and re-iterate security and compliance requirements.
  • Oversee and continuously improve the vendor risk management framework, ensuring effective identification, assessment, and mitigation of third-party risks.
  • Establish metrics to track compliance program effectiveness and to report risk.
  • Interface with both technical (Engineering/Product) and non-technical (Sales/Marketing/Customer Success) teams.
  • Respond to customer RFIs, questions, audits and technical documentation requests.
  • Help build our common control framework and drive adoption of the framework within the organization.
  • Build and automate processes to achieve continuous compliance over the technology control environment.
  • Assist with sales and marketing materials representing product security and compliance.
Qualifications We Value:
  • 4+ years of experience in security governance, IT audit, or security compliance management
  • 3+ years of program management, with experience in affecting technology decisions
  • End-to-end experience going through SOC 2 Type II, HITRUST, HIPAA, TISAX, ISO 27001/27701/42001, FedRAMP, and PCI-DSS external audits
  • Experience in a hands-on technical role, with basic understanding of software implementation and integration
  • Experience with cloud environments on AWS, GCP, Azure
  • A track record of building relationships and credibility with business leads, external partners, and regulators through collaborative and independent programs
  • Experience managing competing efforts and requirements
  • Experience with fast-growing cloud native SaaS start-ups
  • Bonus: Experience with building GRC engineering tooling
  • Bonus: Experience with AI security frameworks such as AIUC


Perks & Benefits:

We offer a comprehensive and people-first benefits package to support you at work and in life:
  • Comprehensive medical, dental, and vision coverage with plans to fit you and your family
  • Flexible PTO to take the time you need, when you need it
  • Paid parental leave for all new parents welcoming a new child
  • Retirement savings plan to help you plan for the future
  • Remote work setup budget to help you create a productive home office
  • Monthly wellness and communication stipend to keep you connected and balanced
  • In-office meal program and commuter benefits provided for onsite employees

Compensation at Cresta

Cresta's approach to compensation is simple: recognize impact, reward excellence, and invest in our people. We offer competitive, location-based pay that reflects the market and what each individual brings to the table.

The posted base salary range represents what we expect to pay for this role in a given location. Final offers are shaped by factors like experience, skills, education, and geography. In addition to base pay, total compensation includes equity and a comprehensive benefits package for you and your family.

Salary Range: $160,000 - $180,000 + Offers Equity

About Cresta

Cresta is a London-based technology company that specializes in artificial intelligence for the insurance industry. The company was founded in 2017 and provides AI-powered solutions for underwriting, claims, and customer service. Cresta's platform uses machine learning algorithms to analyze data and provide insights to insurers. The company has partnerships with several insurance companies including MetLife and Swiss Re. Cresta has received funding from a number of investors including Greycroft, Deepcore, and Wemind.
Learn more about Cresta
Size
50 employees
Industry
Founded
2017
5 Year Trend
+80%
Revenue
$10 million
NASDAQ

Similar Jobs

More Jobs at Cresta

More Information Technology Jobs

Find similar Compliance Analyst jobs: