Horizon3.ai

www.horizon3.ai

1 Job

309 Employees

About the Company

The NodeZero® platform empowers your organization to continuously find, fix, and verify your exploitable attack surface. Reduce your security risk by autonomously finding weaknesses in your network, knowing how to prioritize and fix them, and immediately verifying that your fixes work. NodeZero delivers production-safe autonomous pentests and other key assessment operations that scale across your largest internal, external, cloud, and hybrid cloud environments. No required agents, no code to write, and no consultants to hire. We are a fusion of former U.S. Special Operations cyber operators, startup engineers, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools, false positives resulting in alert fatigue, blind spots, "checkbox" security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants.

Listed Jobs

Company Name
Horizon3.ai
Job Title
Senior Compliance Analyst
Job Description
Job title: Senior Compliance Analyst

Role Summary: Lead the development and execution of the organization’s compliance, privacy, and third‑party risk programs, driving SOC 2 Type II readiness, privacy law adherence (GDPR, CCPA/CPRA, EU AI Act, U.S. state laws), and vendor risk management in a B2B SaaS cybersecurity environment.

Expectations:
• 4–6+ years of experience in security compliance, risk, or privacy, ideally within SaaS or cybersecurity.
• Proven track record leading SOC 2 Type II audits from planning through completion.
• Deep knowledge of SOC 2, ISO 27001, NIST AI RMF, NIST 800‑53, DORA, and U.S. privacy laws.
• Strong vendor due diligence background and experience managing third‑party risk lifecycle.
• Excellent communication skills across technical and business stakeholders.

Key Responsibilities:
• Own SOC 2 Type II compliance program: control mapping, evidence collection, audit coordination, and continuous improvement.
• Maintain and enhance the control environment for SOC 2, ISO 27001, NIST AI RMF, NIST 800‑53, DORA, and related frameworks.
• Lead the privacy program: GDPR, CCPA/CPRA, EU AI Act compliance, records of processing activities, DSARs, privacy impact assessments, and privacy‑by‑design initiatives.
• Manage the third‑party risk lifecycle: onboarding reviews, periodic reassessments, contract and privacy reviews, inventory maintenance.
• Act as the primary liaison for customer security questionnaires, RFPs, and due diligence requests; provide timely, accurate documentation.
• Collaborate with Engineering, IT, Legal, HR, Sales, and Customer Success to embed controls and support deal acceleration.

Required Skills:
• Governance, Risk, and Compliance (GRC) expertise.
• Strong knowledge of SOC 2, ISO 27001, NIST AI RMF, NIST 800‑53, DORA, GDPR, CCPA/CPRA, EU AI Act, U.S. state privacy laws.
• Vendor risk assessment and management proficiency.
• Experience with SaaS infrastructure: AWS, Okta, MDM, SIEM, DLP.
• Audit coordination and evidence documentation.
• Stakeholder communication and training.

Required Education & Certifications:
• Bachelor’s degree in Information Security, Computer Science, Business, or related field.
• Professional certifications preferred: CIPP/US, CIPP/E, CMDP, CISA, CRISC, CISSP, or ISO 27001 Lead Implementer.
United States
Remote
Senior
01-11-2025