Security Compliance Analyst
Content + Source + Freshness • 11 Dec 2025 • 95% confidence
Offer value
A solid opportunity based on job stability in a fast-growing startup, competitive compensation, and the chance to influence compliance strategies.
- Salary range: $95,000 - $150,000
- Challenging role with high responsibility levels
- Potential for significant impact in developing compliance measures
Pros
- Competitive salary range ($95,000 - $150,000) reflecting the industry's standards.
- Opportunity to work at a rapidly expanding company with well-known clients.
- Engagement in meaningful compliance work that shapes the company's security policies.
Cons
- The role requires experience that may not be applicable to all candidates.
- Potentially high workload with regulatory and compliance pressures.
- Limited remote work environment due to the hybrid model.
Who it's for
Mid-Level • Hybrid/office with some remote work
Good fit
- Mid-career professionals in GRC or cybersecurity
- Candidates looking to enhance compliance knowledge
- Individuals eager to work in innovative tech environments
Not recommended for
- Newcomers to the field or those without relevant experience
- Candidates focused solely on remote employment
- Individuals unprepared for a startup's demands and fast pace
Motivation fit
Key skills
About the job
Location
San Francisco
Employment Type
Full time
Location Type
Hybrid
Department
Engineering
The simple task of buying software, services, or tools at work has become hopelessly complicated at even the most innovative companies in the world. Today, enterprises spend $120T+ per year globally (>30 times larger than annual consumer e-commerce spend) and rely on vendors more than ever before to run their businesses.
Our cofounders started Zip in 2020 to address this seemingly intractable problem with a purpose-built procurement platform that provides a simple, consumer-grade user experience. Within the last 4 years, Zip has created a new category and developed the leading solution in this $50B+ TAM space. Today, the world’s leading companies like OpenAI, Snowflake, Anthropic, Coinbase, and Prudential rely on Zip to manage billions of dollars in spend.
We have a world-class team coming from category-defining companies like Airbnb, Meta, Stripe, Salesforce, Apple, and Google. With a $2.2 billion valuation and $370 million in funding from Y Combinator, Tiger Global, BOND, DST Global, and CRV, we’re focused on developing cutting-edge technology, expanding into new global markets, and—above all–driving incredible value for our customers. Join us!
Your Role
The Security & Compliance team at Zip is committed to providing a high level of security assurance to customers, aligning security goals with business objectives and customer requirements. As a GRC Analyst at Zip, you’ll be a key driver for ensuring the success of compliance programs at a fast-growing company. Your contributions will be pivotal to the overall growth and competitive edge of Zip’s GRC program. You’ll ensure we can securely and compliantly build new features, help design and scale the compliance programs that power our expansion, from supporting new certifications to enabling secure AI development and entry into new markets like the EU and U.S. Federal sector.
You Will
Drive and perform periodic compliance-related activities, such as user access reviews, internal audits, and third party risk management
Develop, implement, and improve core compliance projects, such as leading security awareness training initiatives and helping drive adoption of best practices across the company
Curate responses for customer due diligence and security questionnaires and maintain our security knowledge base
Collaborate with internal stakeholders and external auditors to support third party audits including SOC 1, SOC 2, and ISO 27001
Develop, maintain, and lead the adoption of security policies, standards, and guidelines to ensure compliance with applicable regulatory requirements
Qualifications
Bachelor’s degree in a related field
2+ years of experience in GRC, information security consulting, cybersecurity risk, audits, or similar roles
Strong written and verbal communication skills with both technical and non-technical stakeholders
Familiarity with and participation in one or more of the following frameworks: ISO 27001, SOC 1, SOC 2, FedRAMP, PCI DSS
Familiarity with information security fundamentals for cloud software systems
Nice to Haves
Professional certifications in information security are a plus but not required
The salary range for this role is $95,000 - $150,000. The salary for this position is determined based on a variety of job-related factors that may include location, relevant experience, education, or particular skills and expertise.
Perks & Benefits
At Zip, we’re committed to providing our employees with everything they need to do their best work.
📈 Start-up equity
🦷 Full health, vision & dental coverage
🍽️ Catered lunches & dinners for SF employees
🚍 Commuter benefit
🚠 Team building events & happy hours
🌴 Flexible PTO
💻 Apple equipment plus home office budget
💸 401k plan
We're looking to hire Zipsters and that means hiring people who take ownership, communicate openly, have an underdog mindset, and are excited to increase the pace of innovation for every business in the world. We encourage all candidates to apply even if your experience doesn't exactly match up to our job description. We are committed to building a diverse and inclusive workspace where everyone (regardless of age, religion, ethnicity, gender, sexual orientation, and more) feels like they belong. We look forward to hearing from you!
