GRC Compliance Analyst (AI)

TL;DR

GRC Compliance Analyst (AI): Scaling compliance frameworks and ensuring a continuously audit-ready state for an AI infrastructure platform with an accent on SOC 2 and ISO 27001. Focus on automating evidence collection, managing external audits, and streamlining customer security inquiries.

Location: Hybrid: Must be based in Barcelona or Madrid, Spain

Company

Infrastructure for enterprises to build and orchestrate autonomous AI workforces, backed by a16z and Y Combinator.

What you will do

• Maintain and improve compliance posture for SOC 2 Type II and ISO 27001, and assist in the roadmap for HIPAA and GDPR.
• Administer GRC platforms (Vanta, Drata) to automate evidence collection and monitor control health.
• Lead external audit cycles, serving as the primary interface between auditors and internal technical teams.
• Own the security questionnaire process and maintain a Trust Center to accelerate sales cycles.
• Conduct internal risk assessments and vendor security reviews to ensure supply chain standards.

Requirements

• 1–3 years of experience in GRC, IT Audit, or Security Compliance.
• Proven experience working with SOC 2 or ISO 27001.
• Ability to understand technical security controls (encryption, IAM, CI/CD, cloud logs).
• Prior experience with GRC automation platforms such as Vanta or Drata.
• Exceptional written and verbal communication in English.

Nice to have

• Prior experience in a high-growth SaaS startup.
• CISA, CRISC, or similar professional certifications.
• Basic understanding of cloud infrastructure (AWS/GCP).

Culture & Benefits

• Opportunity to work at a high-growth AI startup backed by top-tier investors.
• High level of ownership and autonomy to lead projects and ship fast.
• Competitive compensation including salary and equity.
• Culture based on extreme ownership, craftsmanship, and meritocracy.