Security Compliance Analyst

Trust is a product at Bland.

As we work with more regulated customers and deploy AI into critical business workflows, compliance can’t be a static, checkbox-driven function. It has to move at the same speed as our product, our customers, and our GTM motion.

The main thing about this role, is we are looking for someone with high potential, and a desire to become great. We’re looking for someone who thrives in ambiguity and ownership, someone who can take evolving regulatory requirements, auditor questions, and internal controls and turn them into scalable, automated, and machine-readable compliance systems. You’ll sit at the intersection of security, engineering, and go-to-market, helping Bland earn and maintain trust while building modern compliance infrastructure that scales with the business.

This role reports directly to our CIO, Juan. Juan was CIO at both Twilio and Rackspace, where he took both companies public. You will have direct access to one of the world’s highest level operators in this space. This role will also give you high visibility and real influence over how trust, compliance, and risk scale across the company.

This is a builder’s role for someone excited about automating compliance, leveraging AI, and treating audits like systems.

What You’ll Do

• Coordinate and execute third-party assessments (e.g., SOC 2, ISO, customer audits), acting as the primary point of contact for auditors and internal stakeholders.

• Prepare and maintain certification and authorization packages, including the System Security Plan (SSP) and supporting documentation.

• Design and coordinate recurring compliance activities such as access reviews, incident response exercises, and contingency plan testing

• Create and manage automated compliance workflows that streamline evidence collection, reporting, and audit readiness.

• Design and implement AI-enabled compliance workflows that reduce manual effort and improve signal quality.

• Support the development and maintenance of structured, machine-readable compliance documentation that integrates cleanly with internal systems and external partners.

• Work closely with Engineering, Security, and GTM teams to embed compliance data into Bland’s broader risk and monitoring ecosystem

• Support the development of customer-facing materials, security documentation, and external communications related to certifications, authorizations, and trust posture. Helping translate compliance work into clear customer value.

• Monitor new and evolving regulatory, privacy, and security requirements. Perform gap analyses and help drive remediation in a pragmatic, execution-focused way.

Must-Have Qualifications

• 1–3 years of experience in cybersecurity, audit, risk, compliance, or GRC-related roles.

• Hands-on experience supporting audits, assessments, or compliance programs (SOC 2, ISO, NIST, etc.)

• Experience using automation or AI tools (e.g., SecurityPal AI or similar) to streamline compliance workflows.

• Familiarity with privacy and regulatory frameworks such as GDPR, CCPA, and key NIST standards.

• Strong organizational skills and attention to detail.

• Builder’s mindset. You enjoy improving broken or manual processes and leaving systems better than you found them.
Clear written and verbal communication skills, especially when working with auditors, engineers, and non-technical partners.

• Comfort operating in a fast-moving, high-growth environment with evolving requirements.

Nice-to-Haves

• Experience in regulated industries.

• Familiarity with risk management tooling, ticketing systems, or internal security workflows.

• Curiosity about how AI can be applied to compliance, trust, and security operations.

• Prior startup experience or comfort working without a rigid playbook.

Remember that even if you do not have all of these requirements but you feel this role is an excellent fit for what you want to do, don't be afraid to apply. This is in person five days a week in San Francisco.