Startup Jobs
Post a Job
Laserfiche

Senior Risk and Compliance Analyst

California, U.S.
full-time

TLDR

Conduct internal audits and cloud security validation, ensuring compliance with regulatory frameworks and maintaining audit-ready documentation.

pspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Laserfiche is hiring for a Senior Risk and Compliance Analyst to support Laserfiche’s Governance, Risk and Compliance (GRC) programs through hands-on execution of internal audits, control assessments and continuous monitoring activities. This role works closely with internal stakeholders, external auditors, third-party assessment organizations (3PAOs) and the GovRAMP Program Management Office (PMO) to support compliance with applicable regulatory frameworks and customer requirements./span/pdivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;" /span/divdivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"This is an individual contributor role with a strong focus on audit execution, documentation, evidence validation and reporting. The Senior Risk and Compliance Analyst also performs technical validation of cloud security controls using the AWS Management Console, supports customer assurance requests and maintains compliance artifacts while partnering with ITS, Development, Legal and other teams./span/divdiv /divdiv /divdivdivdivstrongspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Location:/span/strong/divulli style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Hybrid: Three days per week (Tuesday, Wednesday and Thursday) in-office in Long Beach, CA/span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Remote work from home on Mondays and Fridays/span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Periodic travel, including occasional weekend, may be required for international site audits. /span/li/ul/divdivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;" /span/divdivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;" /span/divdivdivstrongspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"About the Role - Key Responsibilities:        /span/strong/divdiv /divdivdivspan style="text-decoration: underline;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Compliance Assessments and GovRAMP Reporting/span/span/divulli style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Perform internal audits, IT general computer controls testing, application security assessments and ongoing risk assessments./span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Update risk registers and track findings, corrective action plans and remediation activities. /span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Support ongoing risk reporting and metrics tracking for internal stakeholders and executive leadership./span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Ensure evidence is accurate, current and audit-ready./span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Coordinate and manage external audits and assessments, including evidence requests, with auditors, 3PAOs, GovRAMP PMO, FedRAMP PMO and security firms. /span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Prepare and submit continuous monitoring reports and supporting artifacts to GovRAMP./span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Safeguard Laserfiche information in accordance with Laserfiche Information Security Policies./span/li/uldivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;" /span/divdivspan style="text-decoration: underline;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Cloud Security and AWS Evidence Validation/span/span/divulli style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Perform technical validation of security controls using the AWS Management Console./span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Review and collect evidence related to AWS services, configurations and security controls, including IAM, logging, encryption and monitoring./span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Partner with ITS and Development to validate cloud control implementation and operating effectiveness./span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Support corporate and cloud security documentation and evidence mapping to NIST 800-53, ISO 27001, SOC 2, CIS controls and other applicable control frameworks and standards./span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Identify control gaps or inconsistencies and escalate findings through established GRC processes./span/li/uldivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;" /span/divdivspan style="text-decoration: underline;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Controls, Privacy and Documentation/span/span/divulli style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Document, test and monitor IT, application and data privacy controls as part of an ongoing GRC program./span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Maintain control matrices, control narratives and framework mappings./span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Collaborate with department stakeholders and Legal to perform privacy impact assessments (PIAs) and data protection impact assessments (DPIAs)./span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Support data mapping, data inventories and data privacy compliance documentation./span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Update policies, procedures and standards under the direction of GRC leadership./span/li/uldivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;" /span/divdivspan style="text-decoration: underline;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Vendor Risk Management and BC/DR/span/span/divulli style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Perform vendor risk management assessments for third-party service providers. /span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Track vendor remediation activities and risk treatment plans. /span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Update business impact analyses (BIAs) and business continuity plans (BCPs). /span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Coordinate with ITS and Development on disaster recovery plan updates and testing. /span/li/uldivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;" /span/divdivspan style="text-decoration: underline;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Customer Assurance and Sales Enablement/span/span/divulli style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Respond to customer security questionnaires, RFPs and security and AI due diligence requests./span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Maintain and update standard assurance artifacts such as HECVAT, CAIQ and similar documents for customer distribution./span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Partner with Sales, Legal and ITS to ensure responses are accurate, consistent and approved./span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Monitor customer contractual security and compliance requirements and flag risks or gaps./span/li/ulp /pdivdivstrongspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"About You - Essential Qualifications:/span/strong/divdiv /divdivulli style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Bachelor’s degree in information systems, IT audit, cybersecurity or a related degree program is required. /span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Three to seven years of experience in IT audit, GRC, cloud security compliance or related roles./lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Relevant certifications such as CISA, CRISC, CISM or AWS are required/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Hands-on experience supporting IT audits, compliance assessments or GRC programs./lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Experience with industry regulations (e.g., HIPAA, GDPR, CCPA), GovRAMP, FedRAMP, CMMC and leading frameworks such as AICPA Trust Services Criteria, NIST 800-53 and ISO 27001./lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Practical experience navigating the AWS Management Console for security and compliance evidence collection and understanding key AWS security concepts./lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Strong technical skills in auditing, controls and cybersecurity; Big Four experience a plus./lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Excellent communication, presentation and negotiation skills, with the ability to influence internal and external stakeholders and write policies and controls documentation./lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Exceptional organizational and program management skills with a keen attention to detail./li/ul/div/div/div/div/divdiv /divdiv /divdivdivdivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"The salary range varies, and pay is based on several factors including but not limited to education, certifications (if applicable), candidate’s geographic region, job-related knowledge, skills and years of experience amongst other factors. /span/divulli style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"$106,000 - $140,000 per year/span/li/uldivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;" /span/divdivstrongspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Perks Benefits at a Glance                                  /span/strong/divulli style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Generous time off:/spanulli style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"15 Days of Vacation/span/li/ululli style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"3 Floating Holidays/span/li/ululli style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"2 Paid Volunteer Days/span/li/ululli style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"9 Paid Holidays/span/li/ul/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Hybrid Work Environment/span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Free Parking: covered and EV charging stations/span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Various 401 (k) Investment Options and Generous Company Match/span/lili style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"HMO and PPO Medical Care Options /span/li/uldivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;" /span/divdivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Applicants must be authorized to work for Laserfiche in the United States on a full-time basis without the need for employer sponsorship. We are unable to sponsor new employment visas, or take over sponsorship of existing employment visas, at this time./span/divdivbr /strongspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"About Us/span/strongbr /divspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Laserfiche is a global leader in intelligent document management and business process automation, dedicated to helping organizations drive digital transformation. Headquartered in Long Beach, California, Laserfiche empowers businesses of all sizes—from dynamic startups to Fortune 500 enterprises—to accelerate productivity, improve collaboration, and deliver exceptional customer experiences./span/divdivbr /span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Through scalable workflows, customizable digital forms, and AI-powered automation, the Laserfiche platform enables teams to simplify complex processes and operate with greater efficiency. Our no-code solutions empower employees to innovate, adapt quickly, and make data-driven decisions that move their organizations forward./spanbr /span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;" /spanbr /span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;" /span/divdivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"With a strong global presence and offices across North America, Europe, and Asia, Laserfiche is recognized for its commitment to innovation, quality, and customer success. Our people-first culture fosters professional growth, continuous learning, and collaboration—making Laserfiche a place where talented individuals can shape the future of digital enterprise technology./span/div/divdivbr /span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Learn more about our team a href="https://laserfiche1.wistia.com/medias/xelunw23au"here/a. /span/divdivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;" /span/divdivbr /span style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"a href="https://www.laserfiche.com/"Laserfiche /acomplies with all Equal Opportunity and Affirmative Action regulations. Laserfiche makes all employment decisions – such as recruiting, hiring, training, promotion, compensation, professional development practices, discipline and termination – without regard to race, religion, color, national origin, ancestry, citizenship, sex, pregnancy, age, creed, physical or mental disability, medical condition, genetic characteristic, marital status, veteran status, gender identity/expression, sexual orientation or any other characteristic protected by law, except as may be permitted by law.                                                       /span/divdivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"a href="https://www.laserfiche.com/"Laserfiche/a provides reasonable accommodations for applicants with disabilities upon request. For more information, please contact Talent Acquisition at a href="https://www.laserfiche.com/contact/"a target="url" href="https://www.laserfiche.com/contact/"https://www.laserfiche.com/contact//a/a or 562-988-1688. /span/divdivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;" /span/divdivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"Pursuant to the California Fair Chance Act, Los Angeles County Fair Chance Ordinance for Employers, and the Los Angeles Fair Chance Initiative for Hiring Ordinance, we will consider for employment qualified applicants with arrest and conviction records. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness, meet client expectations, standards, and accompanying requirements, and safeguard business operations and company reputation. /span/divdivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;" /span/divdivspan style="font-size: 12.0pt;font-family: sans-serif , arial , helvetica;"#LI-Hybrid/span/divdiv /divdiv /divdiv /divdiv /div/div/div

Benefits

Health Insurance

HMO and PPO Medical Care Options

401(k) Match

Various 401 (k) Investment Options and Generous Company Match

Paid Time Off

9 Paid Holidays

 Laserfiche

Laserfiche builds powerful solutions for intelligent document management and business process automation, helping organizations enhance productivity and streamline operations. Its platform caters to a diverse customer base, from startups to large enterprises, and distinguishes itself with no-code solutions that enable users to innovate and adapt quickly. By incorporating AI-powered automation and customizable workflows, Laserfiche simplifies complex processes, allowing teams to focus on delivering exceptional results.

Website LinkedIn
View all jobs
Salary
$106,000 – $140,000 per year
Ace your job interview

Understand the required skills and qualifications, anticipate the questions you may be asked, and study well-prepared answers using our sample responses.

Compliance Analyst Q&A's
Report this job
Apply for this job