Governance, Risk, and Compliance Analyst

About Us At You.com, we are building the AI Search Infrastructure that powers modern AI systems. Our goal is to create the trusted knowledge layer that agents, applications, and enterprises rely on to retrieve real-time, accurate, and citation-backed information. Our platform combines proprietary vertical indexes with LLM-optimized retrieval systems to power AI agents, applications, and enterprise workflows. We are solving hard problems across search, large language models, and large-scale infrastructure to make AI systems more reliable, transparent, and useful. Our team includes engineers, researchers, product builders, and operators who care about solving meaningful problems and delivering real-world impact. Whether you are improving core infrastructure, shaping product experiences, or helping bring new AI capabilities to market, your work will help define how modern AI finds and uses knowledge. The Role We're looking for a GRC Analyst to join our growing Security, IT, and Privacy function. You'll be the backbone of all the compliance work at the intersection of Engineering, Legal, and Product. This role will build and maintain the compliance programs as part of the security team. Our goal is simple: earn and keep the trust of our customers. The right person translates security and risk into terms that the business and product teams can act on. Key Responsibilities Own and manage compliance programs across frameworks including SOC 2, ISO 27001, GDPR, CCPA, HIPAA, and FedRAMP Coordinate audit activities end-to-end: evidence collection, documentation, auditor responses, and remediation tracking Leverage AI and other tools to deliver metrics that stakeholders can consume and understand Conduct vendor and third-party risk assessments; manage the due diligence lifecycle for new and existing partners Help manage security and risk reviews (e.g. DDQs, VSQs) as part of the procurement process in collaboration with the Legal, Finance, and Security team Assist with building and maintaining compliance policies, procedures, and supporting documentation for security and compliance Translate regulatory and contractual requirements into actionable controls and processes Monitor the evolving regulatory landscape (especially AI-specific regulations) and flag relevant obligations Support Privacy-by-Design reviews for new product features and data practices Track open compliance items and proactively drive them to closure across stakeholders Requirements 3–5 years of experience in GRC, Information Security compliance, or a related field Hands-on experience with SOC 2 or ISO 27001 audits, including evidence collection and gap assessments Familiarity with privacy regulations: GDPR, CCPA, and ideally emerging AI regulatory frameworks (EU AI Act, etc.) Experience managing vendor risk assessments and third-party due diligence processes Strong written and verbal communication skills. You can explain compliance requirements to engineers and legal concepts to product managers Highly organized, able to manage multiple workstreams and deadlines without dropping the ball Comfortable working independently in a fast-paced environment with limited process overhead Leverage AI to help build automation and data analysis workflows for reporting and tracking Bonus points for: Experience at an AI or search company Familiarity with data broker or data licensing compliance CISA, CISM, or CRISC Our salary bands are structured based on a combination of geographic tiers and internal leveling. Compensation is determined by multiple factors assessed during the interview process, with the final offer reflecting these considerations. Salary Band

$150,000—$180,000 USD

Company Perks: Hubs in San Francisco and New York City offering regular in-person gatherings and co-working sessions Flexible PTO with U.S. holidays observed and a week shutdown in December to rest and recharge* A competitive health insurance plan covers 100% of the policyholder and 75% for dependents* 12 weeks of paid parental leave in the US* 401k program, 3% match - vested immediately!*

• 500 work-from-home stipend to be used up to a year of your start date*
• 600 technology stipend to support a portion of our hybrid/remote team's cell phone and internet expenses*
• 1,200 per year Health & Wellness Allowance to support your personal goals*

The chance to collaborate with a team at the forefront of AI research *Certain perks and benefits are limited to full-time employees only You.com participates in E-Verify. We will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee’s Form I-9 to confirm work authorization. (English/Spanish: E-Verify Participation/Right to Work) We are also an inclusive, equitable, and accessible workplace. Please let us know if you require accommodation for any portion of the recruitment and hiring process. Beware of recruiting scams: You.com will only contact you through official @You.com email addresses and will never ask for payment or sensitive personal information during the hiring process.