GRC Compliance Analyst at Happyrobot.ai

ABOUT HAPPYROBOT HappyRobot is the infrastructure for enterprises to build and orchestrate AI workforces. Our AI workers don't just communicate - they make decisions, take action, and run operations autonomously across voice, email, and enterprise systems. Born in Y Combinator (S23) and backed by a16z and Base10 with over $60M raised, we power critical operations for global enterprises worldwide.   Our platform is battle-tested in the most demanding environments - where AI has real consequences. We started in logistics, built our own voice stack, models, and orchestration layer from the ground up, and are now bringing that infrastructure to every enterprise that runs the real economy. Learn more about our vision in our manifesto. [Upgrade to PRO to see link] ABOUT THE ROLE We are looking for a GRC Analyst to join our Security team. Your mission is to scale our compliance frameworks and ensure we maintain a "continuously audit-ready" state. You will own the day-to-day operations of our GRC platform, manage evidence collection, and act as the primary point of contact for customer security inquiries and external audits. This is a technical GRC role: you won’t just be checking boxes; you will be working with engineers to automate evidence and ensure our security controls are robust and well-documented. WHAT YOU’LL DO - Framework Management: Maintain and improve our compliance posture for SOC 2 Type II and ISO 27001. Assist in the roadmap for future certifications (e.g., HIPAA, GDPR). - GRC Automation: Administer our GRC platform (e.g., Vanta, Drata) to automate evidence collection and monitor control health in real-time. - Audit Coordination: Lead external audit cycles, acting as the main interface between auditors and our internal technical teams. - Customer Trust: Own the security questionnaire process. Build and maintain a "Trust Center" or Knowledge Base to accelerate sales cycles by providing accurate security documentation to prospects. - Risk Management: Conduct internal risk assessments and vendor security reviews to ensure our supply chain meets HappyRobot’s standards. MUST-HAVES - 1–3 years of experience in GRC, IT Audit, or Security Compliance. - Proven experience working with SOC 2 or ISO 27001 (end-to-end audit experience is a plus). - Ability to understand technical security controls (encryption, IAM, CI/CD, cloud logs) and explain them to non-technical stakeholders. - Prior experience with GRC automation platforms (Vanta, Drata, Secureframe, or similar). - Exceptional written and verbal communication in English. You will be drafting auditor-facing evidence and customer-facing security responses. NICE-TO-HAVES - Prior experience in a high-growth SaaS startup. - CISA, CRISC, or similar certifications. - Basic understanding of cloud infrastructure (AWS/GCP). WHY JOIN US? - Opportunity to work at a high-growth AI startup, backed by top investors. - Rapidly growing and backed by top investors including a16z, Y Combinator, and Base10. - Ownership & Autonomy - Take full ownership of projects and ship fast. - Top-Tier Compensation - Competitive salary + equity in a high-growth startup. - Work With the Best - Join a world-class team of engineers and builders   OUR OPERATING PRINCIPLES Extreme Ownership We take full responsibility for our work, outcomes, and team success. No excuses, no blame-shifting — if something needs fixing, we own it and make it better. This means stepping up, even when it’s not “your job.” If a ball is dropped, we pick it up. If a customer is unhappy, we fix it. If a process is broken, we redesign it. We don’t wait for someone else to solve it — we lead with accountability and expect the same from those around us.   Craftsmanship Putting care and intention into every task, striving for excellence, and taking deep ownership of the quality and outcome of your work. Craftsmanship means never settling for “just fine.” We sweat the details because details compound. Whether it’s a product feature, an internal doc, or a sales call — we treat it as a reflection of our standards. We aim to deliver jaw-dropping customer experiences by being curious, meticulous, and proud of what we build — even when nobody’s watching.   We are “majos” Be friendly & have fun with your coworkers. Always be genuine & honest, but kind. “Majo” is our way of saying: be a good human. Be approachable, helpful, and warm. We’re building something ambitious, and it’s easier (and more fun) when we enjoy the ride together. We give feedback with kindness, challenge each other with respect, and celebrate wins together without ego.   Urgency with Focus Create the highest impact in the shortest amount of time. Move fast, but in the right direction. We operate with speed because time is our most limited resource. But speed without focus is chaos. We prioritize ruthlessly, act decisively, and stay aligned. We aim for high leverage: the biggest results from the simplest, smartest actions. We’re running a high-speed marathon — not a sprint with no strategy.   Talent Density and Meritocracy Hire only people who can raise the average; ‘exceptional performance is the passing grade.’ Ability trumps seniority. We believe the best teams are built on talent density — every hire should raise the bar. We reward contribution, not titles or tenure. We give ownership to those who earn it, and we all hold each other to a high standard. A-players want to work with other A-players — that’s how we win.   First-Principles Thinking Strip a problem to physics-level facts, ignore industry dogma, rebuild the solution from scratch. We don’t copy-paste solutions. We go back to basics, ask why things are the way they are, and rebuild from the ground up if needed. This mindset pushes us to innovate, challenge stale assumptions, and move faster than incumbents. It’s how we build what others think is impossible.   The personal data provided in your application and during the selection process will be processed by Happyrobot, Inc., acting as Data Controller. By sending us your CV, you consent to the processing of your personal data for the purpose of evaluating and selecting you as a candidate for the position. Your personal data will be treated confidentially and will only be used for the recruitment process of the selected job offer. In relation to the period of conservation of your personal data, these will be eliminated after three months of inactivity in compliance with the GDPR and legislation on the protection of personal data. If you wish to exercise your rights of access, rectification, deletion, portability or opposition in relation to your personal data, you can do so through [Upgrade to PRO to see contact] subject to the GDPR. For more information, visit [Upgrade to PRO to see link] By submitting your request, you confirm that you have read and understood this clause and that you agree to the processing of your personal data as described.