About the Role
You will be the operational engine of AlphaSense's compliance program, owning end-to-end evidence collection and auditor engagement across ISO 27001, SOC 2, and ISO 42001 certifications. You'll serve as the primary operational liaison between AlphaSense and external assessors throughout Stage 1, Stage 2, and surveillance cycles, partnering with control owners across Engineering, IT, and Legal to keep the company continuously audit-ready. You'll bring an AI-native mindset, using AI tools to accelerate evidence gathering, draft control narratives, identify documentation gaps, and replace manual toil with intelligent workflows, while applying rigorous judgment to validate every output you ship. This is an opportunity to help define what modern compliance looks like, building practices that can influence how compliance is done industry-wide.
Requirements
- 6+ years of experience in GRC, information security, risk management, or IT audit, preferably in a SaaS or cloud-native environment
- Strong understanding of security and compliance frameworks including SOC 2, ISO 27001, NIST CSF 2.0, and CIS Controls; working knowledge of ISO 42001 and NIST AI RMF
- AI-native mindset using AI tools for real substantive work including analysis, drafting, evidence gathering, and workflow automation
- Proficiency with GRC platforms for evidence management and control testing (Drata, Vanta, AuditBoard, ServiceNow GRC, or equivalent)
- Familiarity with cloud environments (AWS, Azure, or GCP) and security and compliance posture tooling (CSPM, SIEM, identity platforms)
- Experience supporting external audits across security or privacy domains, including evidence collection, control walkthroughs, and auditor interaction
- Ability to interpret technical controls and translate findings into compliance, risk, and policy documentation
- Working knowledge of risk registers, control libraries, and policy governance lifecycles
- Working knowledge of privacy and data protection requirements (GDPR, CCPA/CPRA)
- Strong written communication, analytical thinking, and attention to detail
- Hands-on experience managing end-to-end audit evidence collection across ISO 27001, SOC 2 Type II, or equivalent frameworks
- Direct operational experience working with external auditors as the primary compliance or audit liaison
- Automation-first mentality with demonstrated experience working in an organization with automated evidence collection
- Demonstrated use of AI tools to accelerate compliance work with a clear practice of validating AI output before it ships
- Experience maintaining policy governance lifecycles from drafting through distribution, attestation, and version control
- Strong organizational skills and ability to manage multiple concurrent audit workstreams
Responsibilities
- Own the full evidence collection lifecycle across all active audit and continuous compliance cycles
- Coordinate with control owners to gather validate and organize evidence artifacts in the GRC platform
- Use AI-assisted workflows to pre-stage evidence flag stale artifacts and reduce manual burden
- Serve as the primary operational point of contact for external auditors during Stage 1 Stage 2 and surveillance audits
- Manage auditor portals respond to RFIs and track open items to closure
- Perform ongoing monitoring and periodic testing of implemented controls
- Document control effectiveness identify gaps and work with control owners to remediate deficiencies
- Map findings to applicable framework requirements across SOC 2 ISO 27001 and ISO 42001
- Contribute to transitioning point-in-time control testing toward continuous automated validation
- Maintain and update security policies standards and procedures
- Ensure documentation is version-controlled accessible and demonstrably distributed and attested to
- Identify and implement opportunities to use AI tools to streamline evidence gathering control narrative drafting audit preparation and gap analysis
- Validate AI output for accuracy completeness and confidentiality before anything ships
- Support compliance efforts related to AI regulations and standards including EU AI Act ISO 42001 and NIST AI RMF
- Assist with risk assessments documentation and audit evidence for AI governance controls
- Collaborate with Engineering and Product to ensure secure and responsible use of generative AI tools
- Partner with Engineering IT Legal and Product to ensure control ownership is clear and evidence is readily available
- Provide risk and control guidance on post-implementation reviews and remediation activities