Security & Compliance Analyst

Hi, we’re CompanyCam. We’re a simple-to-use photo documentation and productivity app for contractors of all commercial and home services industries. Packed with intuitive functionality, CompanyCam facilitates unparalleled communication and accountability across a contractor’s entire business. We’re committed to providing a consumer-grade, game-changing experience that helps our users build trust within their company and with their customers. But don’t let that corporate description fool you—the people behind our buttoned-up product are laid-back (but hardworking), genuine, and kickass, and you could be one of them! The Role Security and compliance at CompanyCam isn't a checkbox exercise. It's a business-critical function that sits at the intersection of engineering, product, and leadership, and this role is at the center of it. As our Security & Compliance Analyst, you'll own our continuous compliance monitoring program, administering our Vanta Professional instance, driving alignment across NIST CSF 2.0 and SOC 2 Type II, and translating raw security data into risk intelligence that leadership can actually act on. You'll be the connective tissue between technical teams and the business, keeping compliance moving without slowing anyone down. If you're someone who sees compliance as an asset rather than overhead, this one's for you. Location: You must live and work permanently in the U.S. to be considered.

What You'll Do

Administer CompanyCam's Vanta Professional instance, maintaining automated test coverage, resolving broken integrations, and keeping the compliance dashboard accurate and up to date Own our NIST CSF 2.0 and SOC 2 Type II framework alignment, mapping controls efficiently across both frameworks and closing gaps as they surface Identify and route compliance gaps, triaging remediation tasks to the right owners and tracking through to resolution Maintain evidence libraries and audit trails required for SOC 2 Type II readiness and annual audits Prepare risk reporting for the Enterprise Risk Committee, translating technical vulnerabilities and control gaps into clear, prioritized business risk language Own the risk register, supporting risk scoring, trending, and remediation tracking alongside the Security & Compliance Lead Conduct vendor security assessments and maintain the third-party risk inventory Own the intake and response process for inbound security questionnaires from customers and partners Act as the cross-functional liaison between Security & Compliance and engineering, IT, and business teams on compliance obligations and remediation timelines Support security awareness initiatives, user access reviews, and ongoing compliance program activities The Impact You'll Have At CompanyCam, your work makes a real impact. Whether you're writing code, supporting customers, or designing experiences, your contributions directly shape the product we deliver and the people we serve. We're building something that helps real people solve real problems—and we believe that kind of work is best done by a team that reflects the world around us. In this role, you’ll drive impact by: Keeping our compliance program running in real time, so we're always audit-ready and never scrambling when it counts Acting as the connective tissue between Security & Compliance and the rest of the business, making sure remediation actually gets done Protecting the trust our customers place in us by maintaining a rigorous vendor risk program and responding to security questionnaires with confidence Helping CompanyCam grow responsibly by building the compliance foundation that lets us pursue bigger deals and more sophisticated customers What You'll Bring 3 to 5 years of experience in GRC, security compliance, or information security Hands-on experience with Vanta (or a comparable platform like Drata or Tugboat Logic), including keeping automated evidence collection running and troubleshooting when things break Direct experience with a SOC 2 Type II audit lifecycle, from readiness all the way through report issuance Working knowledge of NIST CSF 2.0 and the ability to map controls across multiple frameworks Enough cloud infrastructure knowledge to have a real conversation with an engineer about control implementation (you don't need to build it, just understand it) Strong analytical skills, with the ability to take raw vulnerability data and turn it into something a non-technical leader can understand and act on A continuous growth-mindset, with a focus on learning, embracing challenges, and continuously improving. A knack for creativity and innovation, bringing fresh ideas to the table and solving complex problems. Benefits & Compensation This is a salaried position at CompanyCam. Our starting salary range is $110,000 - $125,000 per year and is based on experience. We also offer meaningful equity and other benefits. CompanyCam is an equal-opportunity employer committed to respect, inclusion, and growth. We work hard, take responsibility, and support each other. Great ideas come from all backgrounds, and we carefully consider every applicant without regard to personal characteristics or traits. Even if your work experience doesn’t align perfectly, we encourage you to apply. What really matters to us is your potential, your passion, and your commitment to learning, innovation, and contributing meaningfully to our team. For any accommodations or technical issues related to the online application or interview process, please email [email protected] and we’ll respond promptly. Please do not include any medical or health information in your message. Note: Resumes sent to this email will not be reviewed or responded to. To be considered for a position, you must apply directly through our careers page. Apply To This Job