GRC Compliance Analyst

ABOUT HAPPYROBOT HappyRobot is the infrastructure for enterprises to build and orchestrate AI workforces. Our AI workers don't just communicate - they make decisions, take action, and run operations autonomously across voice, email, and enterprise systems. Born in Y Combinator (S23) and backed by a16z and Base10 with over $60M raised, we power critical operations for global enterprises worldwide.   Our platform is battle-tested in the most demanding environments - where AI has real consequences. We started in logistics, built our own voice stack, models, and orchestration layer from the ground up, and are now bringing that infrastructure to every enterprise that runs the real economy. Learn more about our vision in our manifesto. https://www.happyrobot.ai/blog/manifesto ABOUT THE ROLE We are looking for a GRC Analyst to join our Security team. Your mission is to scale our compliance frameworks and ensure we maintain a "continuously audit-ready" state. You will own the day-to-day operations of our GRC platform, manage evidence collection, and act as the primary point of contact for customer security inquiries and external audits. This is a technical GRC role: you won’t just be checking boxes; you will be working with engineers to automate evidence and ensure our security controls are robust and well-documented. WHAT YOU’LL DO - Framework Management: Maintain and improve our compliance posture for SOC 2 Type II and ISO 27001. Assist in the roadmap for future certifications (e.g., HIPAA, GDPR). - GRC Automation: Administer our GRC platform (e.g., Vanta, Drata) to automate evidence collection and monitor control health in real-time. - Audit Coordination: Lead external audit cycles, acting as the main interface between auditors and our internal technical teams. - Customer Trust: Own the security questionnaire process. Build and maintain a "Trust Center" or Knowledge Base to accelerate sales cycles by providing accurate security documentation to prospects. - Risk Management: Conduct internal risk assessments and vendor security reviews to ensure our supply chain meets HappyRobot’s standards. MUST-HAVES - 1–3 years of experience in GRC, IT Audit, or Security Compliance. - Proven experience working with SOC 2 or ISO 27001 (end-to-end audit experience is a plus). - Ability to understand technical security controls (encryption, IAM, CI/CD, cloud logs) and explain them to non-technical stakeholders. - Prior experience with GRC automation platforms (Vanta, Drata, Secureframe, or similar). - Exceptional written and verbal communication in English. You will be drafting auditor-facing evidence and customer-facing security responses. NICE-TO-HAVES - Prior experience in a high-growth SaaS startup. - CISA, CRISC, or similar certifications. - Basic understanding of cloud infrastructure (AWS/GCP). WHY JOIN US? - Opportunity to work at a high-growth AI startup, backed by top investors. - Rapidly growing and backed by top investors including a16z, Y Combinator, and Base10. - Ownership & Autonomy - Take full ownership of projects and ship fast. - Top-Tier Compensation - Competitive salary + equity in a high-growth startup. - Work With the Best - Join a world-class team of engineers and builders   OUR OPERATING PRINCIPLES Extreme Ownership We take full responsibility for our work, outcomes, and team success. No excuses, no blame-shifting — if something needs fixing, we own it and make it better. This means stepping up, even when it’s not “your job.” If a ball is dropped, we pick it up. If a customer is unhappy, we fix it. If a process is broken, we redesign it. We don’t wait for someone else to solve it — we lead with accountability and expect the same from those around us.   Craftsmanship Putting care and intention into every task, striving for excellence, and taking deep ownership of the quality and outcome of your work. Craftsmanship means never settling for “just fine.” We sweat the details because details compound. Whether it’s a product feature, an internal doc, or a sales call — we treat it as a reflection of our standards. We aim to deliver jaw-dropping customer experiences by being curious, meticulous, and proud of what we build — even when nobody’s watching.   We are “majos” Be friendly & have fun with your coworkers. Always be genuine & honest, but kind. “Majo” is our way of saying: be a good human. Be approachable, helpful, and warm. We’re building something ambitious, and it’s easier (and more fun) when we enjoy the ride together. We give feedback with kindness, challenge each other with respect, and celebrate wins together without ego.   Urgency with Focus Create the highest impact in the shortest amount of time. Move fast, but in the right direction. We operate with speed because time is our most limited resource. But speed without focus is chaos. We prioritize ruthlessly, act decisively, and stay aligned