Governance, Risk, Compliance & Trust Analyst
About the role
Independently drive moderately complex trust, compliance, and risk workstreams that help Everlaw scale responsibly and earn customer and regulator trust.
Responsibilities
- Support audit readiness across FedRAMP, SOC 2, and ISO 27001/27017/27018 by organizing evidence, maintaining documentation quality, and partnering with control owners to close gaps.
- Manage compliance operations requiring structured follow-through, including evidence requests, policy and procedure updates, control narrative maintenance, and recurring review cycles.
- Partner cross-functionally with Security Engineering, DevOps, IT, Legal, People, Procurement, and other stakeholders to gather inputs, validate implementation details, and produce audit-ready or stakeholder-ready outputs.
- Maintain strong execution against defined compliance SLAs, milestones, and recurring obligations, escalating risks early and driving issues through resolution.
- Translate technical, operational, and regulatory topics into clear written deliverables for internal and external audiences, including concise summaries of requirements, risks, tradeoffs, and recommendations.
- Support internal risk and governance processes, including security impact analyses, change-related compliance reviews, and other structured review workflows as assigned.
- Contribute to the ongoing operation of the Public Sector Clearance Program, to include guiding new cohorts through the program, maintaining status and tracking open issues, and communicating program updates to Everlaw stakeholders.
- Manage customer security questionnaires, trust inquiries, and related diligence requests with minimal supervision, including researching answers, validating claims, gathering evidence, and producing accurate, customer-ready responses.
- Maintain and improve customer-facing trust content across repositories, trust portals, knowledge resources, and standard response libraries so that recurring requests can be answered more consistently and efficiently.
- Partner closely with Security Engineering, DevOps, Legal, GTM, Product, IT, and other stakeholders to collect inputs, resolve ambiguities, and ensure trust responses reflect current implementation and approved positioning.
- Identify gaps, inconsistencies, or stale content in trust materials and proactively drive updates so that customer-facing representations remain accurate, supportable, and easy to reuse.
- Support broader trust enablement initiatives, including trust center improvements, evidence library maintenance, standardization of response content, and process improvements that reduce manual effort and rework.
- Manage customer security questionnaire and trust inquiry workflows with minimal supervision, including researching answers, synthesizing evidence, improving repository content, and helping stakeholders receive timely and accurate responses.
- Own end-to-end delivery of moderately complex vendor review workstreams, including intake review, scoping, dependency management, stakeholder coordination, and timely completion with limited oversight.
- Conduct security and compliance reviews of third parties by gathering and analyzing documentation such as security questionnaires, architecture details, data flow information, attestations, policies, and contractual commitments.
- Partner with Procurement, Legal, Security Engineering, IT, business owners, and other stakeholders to validate proposed use cases, clarify data access patterns, and ensure risks are understood before onboarding or renewal decisions are made.
- Determine whether vendor controls, architecture, access models, and contractual terms are appropriate for the intended use case, and clearly document identified gaps, assumptions, compensating controls, and recommended next steps.
- Own end-to-end delivery of moderately complex security training program workstreams, including planning, content coordination, stakeholder alignment, rollout tracking, and continuous improvement with limited oversight.
- Support the design, maintenance, and execution of security and compliance training required for Everlaw personnel, with particular attention to role-based, environment-specific, and regulatory training obligations.
- Coordinate recurring training cycles, onboarding-related assignments, acknowledgements, re-certifications, and related evidence collection so completion records are reliable, reviewable, and audit-ready.
- Help maintain strong execution against program deadlines, annual and periodic training obligations, and related audit or assessment requests by tracking status, identifying gaps early, and driving follow-through.
- Contribute to a training program that reinforces Everlaw principles by promoting disciplined execution, clear communication, respect for users, and a high bar for secure handling of sensitive data.
Requirements
You have 5+ years of experience working as an individual contributor with a Governance, Risk, Compliance and Trust team.
You have strong working knowledge of customer trust, compliance operations, risk, and the evidence and control narratives needed to support questionnaires, reviews, and audits.
You have experience supporting FedRAMP, SOC 2, ISO 27001/27017/27018, or similar compliance frameworks.
You have led the completion of customer security questionnaires and have worked within trust portals, evidence repositories, or other GRC tooling software.
You have experience using workflow, metrics, or dashboard data to improve trust and compliance operations and to meet defined SLAs.
You can independently research moderately complex questions, synthesize inputs from multiple stakeholders, and produce high-quality written deliverables with a high bar for clarity and accuracy.
You communicate complex topics simply and concisely, tailor your communication to the audience, and navigate moderate disagreement while keeping focus on shared outcomes.
You are organized and reliable, maintain momentum across planned work and ad hoc requests, and escalate thoughtfully before risks become blockers.
You think beyond the immediate request and consider how current decisions affect future operations, compliance posture, and stakeholder experience.
You are comfortable operating in environments with some ambiguity, shifting priorities, and multiple stakeholders.
You bring sound judgment, professional maturity, and a strong sense of accountability when handling sensitive or high-visibility work.
Qualifications
You have a bachelor's degree in a relevant field such as Information Systems, Computer Science, Cybersecurity, Law, or a related field.
You have a strong understanding of legal and regulatory requirements, particularly those related to data protection and privacy.
You have excellent written and verbal communication skills, with the ability to present complex information in a clear and concise manner.
You have experience working with various compliance frameworks and standards, such as FedRAMP, SOC 2, ISO 27001/27017/27018, or similar frameworks.
You have experience managing and maintaining compliance documentation and evidence.
You have experience conducting security and compliance reviews of third-party vendors.
You have experience designing and delivering security and compliance training programs.
Skills
Strong analytical and problem-solving skills.
Excellent written and verbal communication skills.
Experience with compliance frameworks such as FedRAMP, SOC 2, ISO 27001/27017/27018.
Ability to manage multiple projects simultaneously and meet tight deadlines.
Experience with GRC tools and platforms.
Strong organizational and project management skills.
Ability to work collaboratively with cross-functional teams.
Knowledge of data protection and privacy regulations.
Benefits
The expected salary range for this role is between $140,000 - $178,000. The final offered salary will be dependent upon many factors including the candidate’s experience and skills.
The base pay range is subject to change in the future.
Equity program
401(k) retirement plan with company matching
Health, dental, and vision
Flexible Spending Accounts for health and dependent care expenses
Paid parental leave and approximately 10 days (80 hours) per year of sick leave
Seventeen paid vacation days plus 11 federal holidays
Membership to Modern Health to help employees prioritize mental health and wellness
Annual allocation for Learning & Development opportunities and applicable professional membership dues
Company-sponsored life and disability insurance
Ranked “#1 on G2 for Ediscovery Software and Momentum” and we offer free eDiscovery resources to benefit the greater societal good with Everlaw for Good
Ranked “Best Places to Work” by Glassdoor
Ranked “Fast Company’s World’s Most Innovative Companies”
Proud contributor of free ediscovery resources to benefit the greater good through “Everlaw for Good”
Pursue Truth While Finding Yours
At Everlaw, we are deeply invested in pursuing the truth, for our clients and for our employees. We know that when you’re empowered to pursue your passions, it is reflected in the work. That’s why we’re committed to the professional growth of all our team members, offering an annual learning and development stipend and regular career check-ins with managers.