Compliance Analyst, US Compliance Programs

Spellbook

$80K — $120K *
US - Anywhere (Remote in United States)
Healthcare
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Experience in compliance, security assurance, GRC, audit, risk management, or a related function, ideally in SaaS or regulated sectors.
  • Familiarity with compliance frameworks such as SOC 2, HIPAA, and GovRAMP.
  • Hands-on experience with audit evidence collection and maintaining compliance documentation.
  • Proficient in using compliance automation tools like Vanta or similar platforms.
  • Ability to translate complex compliance requirements into actionable plans for diverse audiences.
  • Strong organizational skills for managing multiple compliance workstreams simultaneously.
  • US Citizenship and valid identification required.

Responsibilities

  • Implement and support Spellbook's compliance programs across various regulated sectors.
  • Drive compliance operations for multiple security and privacy frameworks.
  • Oversee evidence collection and maintain documentation within compliance platforms.
  • Collaborate with external auditors and legal advisors throughout compliance engagements.
  • Lead initiatives to enhance government compliance and ensure regulatory adherence.
  • Maintain essential compliance documents including policies and audit artifacts.
  • Monitor changes in regulations and adapt internal controls accordingly.

Benefits

  • Flexible work environment that emphasizes autonomy and accountability.
  • Comprehensive group benefits for employees and their families, with additional support for mental health.
  • Generous time off policies and holiday closure for work-life balance.
  • Monthly paid meals and an annual wellness allowance to support overall health.
  • Startup stock options to participate in company success.
Full Job Description
*This is an existing vacancy

ABOUT THE ROLE

Legal teams worldwide trust Spellbook with sensitive, confidential, and privileged information, and we're looking for a Compliance Analyst to help us hold up our end of that trust. You'll build, implement, and scale Spellbook's US compliance program across government, healthcare, financial services, and other regulated customers - operationalizing framework requirements, preparing for audits and assessments, maintaining audit-quality evidence, and pushing government compliance initiatives forward with urgency.

You'll partner closely with our Director of Security & IT and work cross-functionally with Engineering, Legal, Sales, and Customer Success. This is a hands-on execution role for someone who can translate complex frameworks, regulations, and customer requirements into practical internal processes that keep Spellbook moving quickly and responsibly.

RESPONSIBILITIES
• Implement and maintain US compliance program initiatives across government, healthcare, financial services, and enterprise SaaS customer requirements.
• Drive readiness, implementation, and ongoing maintenance for frameworks such as TX-RAMP, GovRAMP, FedRAMP, HIPAA, SOC 2, and other security or privacy compliance obligations.
• Manage compliance operations in platforms like Vanta - evidence collection, control monitoring, policy tracking, vendor documentation, employee compliance tasks, and audit-readiness workflows.
• Coordinate with external auditors, assessors, consultants, legal advisors, and certification bodies through every phase of an engagement.
• Lead government compliance initiatives, including control mapping, gap assessments, documentation packages, system descriptions, policy updates, and customer-facing compliance responses.
• Maintain compliance artifacts including policies, procedures, risk registers, control narratives, system inventories, access reviews, training records, and audit evidence.
• Track regulatory, framework, and customer requirement changes and translate them into practical updates to internal controls and workflows.
• Partner with Sales and Customer Success on security questionnaires, public sector procurement requirements, and regulated customer due diligence.
• Define repeatable compliance workflows for intake, triage, ownership, escalation, documentation, reporting, and remediation.
• Use AI, automation, and compliance tooling to reduce manual work, improve evidence quality, and accelerate program execution.
• Support other responsibilities and projects as required.

QUALIFICATIONS
• Experience in compliance, security assurance, GRC, audit, risk management, privacy, or a related function - ideally supporting a SaaS, cloud, AI, legaltech, fintech, healthtech, or public sector environment.
• Familiarity with security and compliance frameworks such as SOC 2, ISO 27001, NIST 800-53, NIST CSF, HIPAA, FedRAMP, TX-RAMP, or GovRAMP.
• Hands-on experience collecting audit evidence, maintaining control documentation, tracking remediation, and supporting internal or external assessments.
• Experience using compliance automation or GRC platforms such as Vanta, Linear, or similar tools.
• Strong ability to read framework requirements, customer obligations, and regulatory guidance and convert them into actionable project plans.
• Experience partnering with technical teams to understand systems, access controls, data flows, infrastructure, cloud environments, and security control implementation.
• Excellent written and verbal communication skills, with the ability to explain compliance requirements in plain English to technical, legal, business, and executive audiences.
• Highly organized and comfortable managing multiple compliance workstreams, deadlines, audits, and stakeholder dependencies at the same time.
• Pragmatic at distinguishing high-priority compliance risks from lower-impact administrative issues, and able to move with urgency in ambiguous environments.
• US Citizenship and a non-expired US Passport or state-issued REAL ID driver's license.

NICE TO HAVES
• Experience supporting or implementing TX-RAMP, GovRAMP, FedRAMP, or other public sector cloud compliance initiatives.
• Experience with HIPAA compliance, healthcare customer requirements, BAAs, ePHI safeguards, or healthcare security assessments.
• Direct experience working with 3PAOs, external auditors, government assessors, or public sector procurement teams.
• Experience with NIST 800-53 control mapping, SSPs, POA&Ms, continuous monitoring, authorization boundaries, customer responsibility matrices, or audit evidence packages.
• Certifications such as CISA, CRISC, CISM, CISSP, CCSK, ISO 27001 Lead Implementer/Auditor, CIPP/US, or similar.

WHY JOIN SPELLBOOK?
  • Embrace autonomy and accountability in a flexible work environment; we focus on outcomes and empower you to determine how to get the job done
  • Access our company-paid group benefits for you and your family, with $1,000 towards mental health support
  • Disconnect during our holiday closure and take advantage of our generous time off policies throughout the year
  • Enjoy monthly paid meals, an annual wellness allowance to support your well-being and parental leave top-ups as your family grows
  • Secure your stake in our success; you'll receive competitive stock option grants as a pivotal early employee
