Senior Risk and Compliance Analyst

Mytra

$145K — $160K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of experience in risk management, compliance, or related operational roles
  • Knowledge of SOC 2 and ISO 27001 compliance frameworks
  • Strong organizational skills capable of managing multiple priorities and deadlines
  • Excellent verbal and written communication skills for interacting with various stakeholders
  • Detail-oriented with a focus on quality in documentation and evidence review
  • Ability to collaborate across teams and build productive working relationships
  • Comfortable in a fast-paced, evolving startup environment

Responsibilities

  • Act as primary liaison with external auditors for SOC 2 and ISO 27001 coordination
  • Oversee audit evidence collection from internal teams and deliver complete packages to auditors
  • Manage Security Committee operations and distribute pre-read materials
  • Co-administer Mytra's Vanta GRC platform to maintain audit readiness
  • Ensure transparency in security tasks and updates across the organization
  • Monitor security initiatives to keep them on schedule and address blockers
  • Conduct vendor security reviews and prepare recommendations

Benefits

  • Competitive compensation and equity grants
  • Fully subsidized health coverage including dental and vision for employees and their dependents
  • Generous PTO including a mandatory winter break
  • Subsidized lunch and snacks at the office
  • 401(k) with employer contributions and life insurance
  • Commuter benefits up to $150 monthly
  • Access to a modern office-lab space and onsite gym facilities
Full Job Description
About the Role:

As a Senior Risk and Compliance Analyst at Mytra, you will join the Security team during a critical period of growth, customer expansion, and security program maturation. Our team is building the operational foundation for scalable security governance, SOC 2 and ISO 27001 readiness, customer trust, vendor risk management, and transparent execution across company-wide security initiatives.

The ideal candidate is developing professional expertise in risk and compliance, can apply company policies and defined procedures to a variety of security and compliance issues, and can manage moderate-scope work with judgment, organization, and clear escalation. You will work closely with internal stakeholders, external auditors, vendors, customers, and the Security Committee to keep security work moving, organized, and visible.

What you'll do:
  • Serve as the primary operational liaison between Mytra and external security certification auditors for SOC 2 and ISO 27001, helping coordinate requests, timelines, evidence packages, and follow-ups
  • Own audit evidence collection workflows, including gathering evidence from internal teams, checking evidence quality, organizing materials, tracking status, and delivering complete packages to auditors
  • Manage Security Committee operations, including pre-read material distribution, real-time meeting notes, committee organization tooling, recurring security activity tracking, and follow-through on personal and distributed tasks
  • Serve as co-admin / co-owner of Mytra's Vanta GRC platform, helping maintain system organization, evidence workflows, control mappings, user access coordination, and audit readiness activities
  • Maintain transparency across security-related work by communicating tasks, risks, status, decisions, and updates to the Security team, Security Committee, and broader company audiences as appropriate
  • Track major security initiatives and help ensure they remain on schedule by maintaining clear workback plans, surfacing blockers early, and coordinating with owners across functions
  • Perform third-party security reviews for prospective vendor partners, including intake, questionnaire review, evidence assessment, risk documentation, and recommendation preparation
  • Support customer security reviews for prospective and existing customers by coordinating responses, collecting accurate information, managing review artifacts, and helping ensure timely completion
  • Manage recurring security policy updates so policies remain current, accurate, and aligned with company standards, security commitments, and evolving compliance needs
  • Interview Mytra staff to understand real operating procedures, document pertinent processes, and integrate those procedures into the security policy and procedure stack
  • Research potential new security tooling, compare options across multiple vendors, and provide clear summaries of tradeoffs, costs, risks, implementation considerations, and recommendations
  • Schedule and coordinate security-related meetings with internal and external stakeholders, ensuring the right people, materials, context, and follow-ups are in place
Ideal Candidates:
  • Have experience in security, compliance, risk management, GRC, audit readiness, vendor risk, customer security reviews, or a related operational role
  • Understand the basics of SOC 2, ISO 27001, security policies, audit evidence, control ownership, and compliance documentation, with a desire to deepen expertise over time
  • Are highly organized and can manage multiple recurring activities, deadlines, requests, meetings, and follow-ups without losing details
  • Communicate clearly and proactively with internal teams, external auditors, vendors, and customers, translating security and compliance needs into practical next steps
  • Exercise sound judgment within defined procedures and know when to escalate ambiguity, risk, blockers, or decisions that require security leadership input
  • Build productive working relationships across functions and are comfortable interviewing staff, asking precise questions, and turning operational knowledge into clear written procedures
  • Are detail-oriented and quality-minded, especially when reviewing evidence, updating policies, preparing auditor materials, or responding to customer and vendor security requests
  • Are comfortable operating in a fast-paced startup environment where processes are evolving and strong documentation, ownership, and follow-through matter
  • Have strong written communication skills and can produce clear, structured documentation for policies, procedures, meeting notes, task trackers, review summaries, and decision records
  • Demonstrate a collaborative, team-first mindset with the confidence to ask questions, raise concerns early, and help create visibility across the security program
Nice to have:
  • Experience supporting SOC 2, ISO 27001, or similar security certification programs
  • Familiarity with GRC tools, ticketing systems, knowledge bases, vendor review platforms, or audit evidence management workflows
  • Experience coordinating committees, governance forums, recurring compliance activities, or cross-functional operating cadences
  • Prior exposure to customer security questionnaires, vendor due diligence, risk registers, control testing, or policy lifecycle management
  • Experience researching and comparing security tools across multiple vendors and presenting practical recommendations to technical and non-technical stakeholders
  • Interest in robotics, industrial automation, hardware/software systems, supply chain technology, or security for complex electro-mechanical systems


Benefits Include:
  • Competitive compensation and equity grants at a high-growth company backed by top-tier VCs
  • Fully subsidized health coverage, including medical (baseline plans), dental, and vision for employees and dependents
  • 401(k) plans and employer-subsidized life insurance
  • Fully subsidized lunch and snacks at HQ-we eat and share stories together at the "long" table
  • Generous PTO and company-paid holidays, including one week over the winter break so everyone can recharge together
  • Voluntary pet insurance, Voluntary Life Insurance, Accident, Critical Illness, and Hospital Indemnity
  • Fully subsidized tax advisory services and education to help you understand your equity
  • Commuter benefits, including a up to $150 monthly commuter benefit
  • Lively, modern combined office and lab space where we rapidly iterate through design, build, and test phases
  • Fully equipped onsite gym and showers at headquarters


Pay Notice:

Compensation for this position will be set based on the candidate's experience level and location. The posted salary band is applicable only to the San Francisco Bay Area and is subject to change.

This role requires on-site presence at our Brisbane, CA headquarters, for close collaboration with the other teams.

The pay range for this role is:

145,000 - 160,000 USD per year (Mytra, Inc.)

Similar Jobs

More Jobs at Mytra

More Information Technology Jobs

Find similar Senior Risk and Compliance Analyst jobs: