Compliance Analyst

External
Aiven36 · Helsinki, Finland
Full-time · On-site · 1mo ago · 30+ days old, may be filled
AWS · Azure · Compliance · Documentation · GCP · GDPR

About the role

We are seeking a proactive and detail-oriented Compliance Analyst to join our Security & Compliance team. This is an ideal opportunity for someone early in their career who wants to build a foundation in cloud compliance, audit, and customer trust, or someone at an intermediate level looking for a change. You'll work alongside experienced compliance engineers and auditors to keep Aiven's certifications healthy, support our internal teams in following sound processes, and help our customers get the assurance they need to trust us with their data.

Responsibilities

This role spans evidence operations, audit support, third-party oversight, and customer-facing trust work:

  • Audit Support and Evidence Collection:
      • Evidence Gathering: Partner with engineering, IT, People Operations, and other stakeholders to collect, organize, and validate evidence required for SOC 2, ISO 27001, PCI DSS, and GDPR/privacy programs.
      • Auditor Coordination: Act as a day-to-day point of contact for external auditors during fieldwork - fulfilling sample requests, walking through controls, and tracking open items to closure.
      • Continuous Compliance: Maintain control evidence in our GRC tooling on an ongoing basis so audits aren't a fire drill. Flag drift or expiring evidence early.
  • Internal Audit and Process Improvement:
      • Internal Audit Activities: Assist with internal control testing, sampling, and walkthroughs across the year. Document findings clearly and track remediation with control owners.
      • Process Partnership: Work with internal teams (engineering, IT, People Operations, vendor management) to translate compliance requirements into pragmatic, day-to-day process. Help teams meet controls without slowing them down.
      • Policy and Documentation Hygiene: Assist with reviewing, updating, and version-controlling security and compliance policies, standards, and procedures.
  • Third-Party Risk and Due Diligence:
      • Material and Critical Third Parties: Help maintain Aiven's inventory of material and critical third-party providers, ensuring each has a current risk profile and the right level of oversight.
      • Ongoing Due Diligence: Run recurring due diligence on key vendors and sub-processors - collecting and reviewing SOC 2 reports, ISO certifications, security questionnaires, and other assurance artifacts; flagging gaps for senior review.
      • Vendor Lifecycle Support: Partner with procurement, legal, and security on intake of new vendors and on periodic re-assessments, contract review checkpoints, and offboarding.
  • Customer Trust and Questionnaires:
      • Security Questionnaires: Respond to customer and prospect security and compliance questionnaires accurately and on time. Maintain and improve our answer library so common questions are easy to answer consistently.
      • Trust Center Support: Help keep customer-facing artifacts (compliance reports, certifications, sub-processor lists, FAQs) accurate and current.
      • Cross-functional Liaison: Partner with Sales, Legal, and Security engineering to escalate complex questions and unblock customer deals.

Requirements

  • Up to 2 years of experience (including internships, co-ops, or hands-on coursework) in compliance, internal audit, GRC, IT audit, information security, or a closely related field.
  • Familiarity with at least one major compliance framework - SOC 2, ISO 27001, PCI DSS, or GDPR - gained through study, certification, or hands-on work.
  • Strong attention to detail and a disciplined, organized approach to tracking evidence, deadlines, and follow-ups.
  • Comfortable navigating ambiguity, asking good questions, and learning quickly from senior team members.
  • Excellent written and verbal communication - you can explain a control to an engineer and an audit finding to a manager without losing either of them.
  • Comfort working in a cloud-first environment (AWS, GCP, or Azure exposure is a plus, not a requirement).
  • Interest in using scripting, automation, or AI tooling (e.g., Python, basic SQL, no-code/low-code platforms, or modern AI assistants) to make repetitive evidence and questionnaire work less repetitive.
  • Bonus: exposure to GRC platforms, questionnaire tooling, or relevant professional certifications in security, audit, or compliance.

Amazing! What's next:

If you think Aiven is the place for you and that our Values align with yours, send us your resume and we'll get in touch!

Global Benefits:

Our global benefits are designed to help you thrive and grow, personally and professionally:

  • Participate in Aiven's equity plan.
  • Balance work and life with our hybrid work policy.
  • Choose the equipment you n

Benefits

Health insurance · Vision insurance · Equity / stock options · Performance bonus

Additional Information

We're a global team of over 400 people, working together to push the boundaries of open-source technology and multi-cloud solutions. Our vision is to help developers, builders, and creators bring their ideas to life with speed and simplicity, by providing a cloud data platform that makes open-source databases, search, streaming, and application infrastructure easily accessible to everyone.
