Horizon3.ai

Senior Compliance Analyst

Remote

United States

$130,000/year

Senior

Full Time

01-11-2025


Skills

Communication, Risk Management, Test, Sales, Organization, AWS

Job Specifications

Get to Know Us

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find, fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZero™ platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by IT Ops/SecOps teams, consulting pentesters, and MSSPs and MSPs.

We are a fusion of former U.S. Special Operations cyber operators, startup engineers and operators, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools and false positives resulting in alert fatigue, blind spots, "checkbox" security culture, the cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn-it-alls, committed to a culture of respect, collaboration, ownership, and results.

As a remote-first company, we require a minimum 25 Mbps consumer-grade broadband connection.

What You’ll Do

We are seeking a skilled Senior Compliance Analyst with strong experience in Governance, Risk, and Compliance (GRC) to join our growing Security team. As a cybersecurity company, we take compliance, privacy, and third-party risk seriously. This role will serve as a subject matter expert for compliance and data privacy, and will play a critical role in maintaining trust with customers, regulators, and partners. You will manage inbound customer security requests, lead audit preparation activities, and drive continuous improvements in our compliance program.

This role is instrumental in helping us scale and mature our Compliance and Data Privacy capabilities while maintaining a strong security posture across the organization.

This role will be responsible for:

Compliance & Audit Management

Serve as the internal lead for SOC 2 Type II compliance efforts, including control mapping, evidence collection, and audit coordination.
Maintain and improve the control environment to ensure continuous compliance with SOC 2 and other applicable frameworks, including but not limited to ISO 27001, NIST AI RMF, DORA, and NIST 800-53.
Collaborate with cross-functional teams (Engineering, IT, Legal, HR) to implement and validate control requirements.

Data Privacy Compliance

Oversee the organization's privacy program to ensure compliance with GDPR, CCPA/CPRA, the EU AI Act, and emerging U.S. state data privacy laws.
Maintain records of processing activities (RoPAs), manage data subject access requests (DSARs), and conduct privacy impact assessments (PIAs).
Work closely with Legal and Product teams to advise on privacy-by-design and ensure data minimization and transparency practices.

Vendor Risk Management

Own and manage the third-party risk management lifecycle, including onboarding reviews, periodic reassessments, and contract/privacy reviews.
Conduct security and privacy due diligence on new vendors and partners supporting the SaaS product.
Maintain a current inventory of vendors, subprocessors, and associated risk assessments.

Customer Assurance

Serve as the primary point of contact for responding to customer security questionnaires, RFPs, and due diligence requests.
Leverage existing documentation (e.g., SOC 2 report, pen test report, whitepapers, DPA) and collaborate with technical teams to provide accurate and timely responses.
Assist Sales, Customer Success, and Legal with deal acceleration by enabling trust in our security and compliance posture.

What You’ll Bring

4–6+ years of experience in security compliance, risk, or privacy, preferably in a B2B SaaS or cybersecurity company.
Deep understanding of compliance frameworks (e.g., SOC 2, ISO 27001, NIST AI RMF, NIST 800-53) and experience leading annual audits.
Expertise in GDPR, CCPA/CPRA, the EU AI Act, and emerging U.S. data privacy laws.
Strong working knowledge of third-party risk management practices and vendor due diligence processes.
Experience responding to security questionnaires, RFPs, and customer audits.
Familiarity with common SaaS infrastructure (e.g., AWS, Okta, MDM, SIEM, DLP).
Excellent communication skills and the ability to translate complex compliance concepts for both technical and non-technical stakeholders.
Certifications such as CIPP/US, CIPT, CISA, CRISC, or ISO Lead Implementer are a strong plus.

What Sets You Apart?

You’ve led multiple SOC 2 Type II audits from start to finish and know how to navigate both the auditor's requirements and the business's operational realities.
You have a deep working knowledge of global and U.S. privacy laws, including GDPR and CCPA/CPRA, and you stay ahead of the evolving regulatory landscape.
You're a trusted partner across Sa

About the Company

The NodeZero® platform empowers your organization to continuously find, fix, and verify your exploitable attack surface. Reduce your security risk by autonomously finding weaknesses in your network, knowing how to prioritize and fix them, and immediately verifying that your fixes work. NodeZero delivers production-safe autonomous pentests and other key assessment operations that scale across your largest internal, external, cloud, and hybrid cloud environments. No required agents, no code to write, and no consultants to hire.