XBOW

Boosting offensive security with AI

Information Security Analyst

Security Analyst, Other, Remote, Team 11-50, Since 2024, H1B No Sponsor

Location

United States

Posted

14 days ago

Salary

Not specified

Job Description

This description is a summary of our understanding of the job description.

Role Description

We’re looking for a detail-oriented Governance, Risk & Compliance Analyst to help scale our security and trust function as we grow. In this role, you’ll play a key part in supporting customer and prospect security reviews, assessing third-party vendor risk, and continuously improving how we identify and manage risk across the business.

This is an individual contributor role with no initial people-management responsibilities. However, as the risk and compliance function matures, there is a clear opportunity for this role to grow in scope and responsibility.

You’ll work closely with Security, Engineering, Legal, Sales, and Customer teams, acting as a trusted partner in communicating our security posture and ensuring we meet customer and regulatory expectations.

What You'll Do

  • Support customers and prospects by completing technical security questionnaires, risk assessments, and due-diligence requests
  • Partner with Sales and Customer teams to explain XBOW’s security controls, architecture, and compliance posture
  • Assess and manage third-party and vendor security risk, including reviews of SaaS providers and service partners
  • Help maintain and improve risk assessment frameworks, methodologies, and documentation
  • Track and support remediation of identified risks in collaboration with internal stakeholders
  • Contribute to compliance initiatives aligned with frameworks such as SOC 2 and ISO 27001
  • Maintain clear, well-structured risk registers, policies, and supporting evidence
  • Coordinate risk management sessions and processes
  • Identify opportunities to streamline and automate risk and compliance processes as the company scales
  • Support audits, customer reviews, and internal assurance activities as needed

Qualifications

  • 3–5+ years of experience in risk, compliance, security assurance, or related roles
  • Hands-on experience completing or reviewing technical security questionnaires and customer risk assessments
  • Familiarity and experience with common security and compliance frameworks (e.g. SOC 2, ISO 27001, NIST, FedRAMP)
  • Comfortable assessing technical controls and working with engineers to understand system architecture
  • Experience conducting or supporting vendor / third-party risk assessments
  • Strong written communication skills, with the ability to explain complex security concepts clearly
  • Highly organized and detail-oriented, with a pragmatic approach to risk
  • Comfortable working in a fast-moving, remote-first startup environment

Bonus Points

  • Experience working in a SaaS or security-focused company
  • Security or risk certifications (e.g. CRISC, SOC 2, ISO 27001 Lead Implementer, FedRAMP)
  • Experience supporting a company through audit readiness or first-time compliance efforts

Benefits

  • Competitive salary and meaningful stock options
  • Opportunity to learn from and collaborate with top security and AI experts
  • Work on complex technical challenges that support the foundation of our company
  • Work from anywhere, with regular opportunities to meet in person

Hiring Process

  • Talent Introduction
  • HM Interview
  • Security Knowledge Interview
  • Final Interview as needed
