Cybersecurity Assurance Analyst - Level 2
SecurityPal
IT
Kathmandu, Nepal
[Working Hours: Overlaps with United States business hours as needed]
SecurityPal AI is a Cybersecurity Assurance Management Platform founded in 2020 that combines AI with certified security and GRC experts to manage a wide range of security workflows, including security questionnaires, vendor assessments, audits, compliance, and Trust Centers. The platform helps organizations accelerate trust, reduce friction, and streamline every aspect of the cybersecurity assurance lifecycle.
SecurityPal's mission is to accelerate global GDP by solving the most complex security assurance challenges at scale. Backed by Craft Ventures, we are headquartered in San Francisco and operate our "Silicon Peaks" global command center in Kathmandu, Nepal. Today, we serve a diverse range of customers, from high-growth startups to publicly traded enterprises, including industry leaders such as OpenAI, Figma, and Grammarly.
About the role
As a Cybersecurity Assurance Analyst - Level 2, you will leverage AI tools alongside your expertise in security and GRC to review, analyze, and validate industry-standard Information Security documentation and audit artifacts. Your work will help clients accelerate security assessments, streamline compliance processes, improve the quality of critical security documentation, and evaluate organizational security and compliance risks. In addition, you will contribute across all four pillars of Customer Operations, utilizing AI and automation to enhance efficiency, accuracy, and customer outcomes.
Key Responsibilities
- Review, audit, and complete detailed security assessment questionnaires (RFPs, RFIs, and similar), with a thorough final quality check before customer delivery.
- Build and maintain a structured AI-ready knowledge library of compliance frameworks and regulations, tailored to client requirements.
- Deliver client-facing outputs consistently within agreed SLAs, proactively flagging risks or blockers.
- Collaborate with subject matter experts to gather technical information and keep security documentation accurate, updated, and audit-ready.
- Stay current on evolving compliance regulations and cybersecurity trends; assess their impact and help the team adapt accordingly.
- Identify gaps in processes or documentation, and communicate findings clearly to relevant stakeholders both verbally and in writing.
- Mentor and onboard new team members, helping them quickly develop confidence with client questions and internal workflows.
Qualifications
- Bachelor's degree in Computer Science, Information Security, Information Technology, or equivalent.
- 2+ years of experience in cybersecurity, GRC technology, or service delivery, with a track record of delivering high-quality outcomes in a fast-paced environment.
- Solid understanding of security risk management frameworks (ISO 27001, NIST, SOC 2, GDPR, etc.) and their practical application.
- Certifications such as CompTIA Security+, ISO 27001 Lead Implementer/Auditor, or similar credentials.
- Proven ability to leverage AI tools and automation platforms to improve efficiency and accuracy, or demonstrated eagerness to develop this skill.
- Knowledge and understanding of SANS, NIST, and SOC 2 information security standards.
- Excellent written and verbal communication skills; comfortable translating complex security concepts for both technical and non-technical audiences.
- Analytical mindset with strong attention to detail and the ability to spot gaps, inconsistencies, and opportunities for improvement.
We are an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.