Security Compliance Analyst, Privacy

About Us At LangChain, our mission is to make intelligent agents ubiquitous. We build the foundation for agent engineering in the real world, helping developers move from prototypes to production-ready AI agents that teams can rely on. We began as widely adopted open-source tools and have grown to also offer a platform for building, evaluating, deploying, and operating agents at scale. With $125M raised at Series B from IVP, Sequoia, Benchmark, CapitalG, and Sapphire Ventures, we’re at a stage where we’re continuing to develop new products, growth is accelerating, and all team members have meaningful impact on what we build and how we work together. LangChain is a place where your contributions can shape how this technology shows up in the real world. Today, our platform includes LangSmith (Observability, Evaluation, Deployment, Fleet, and Sandboxes), our open source frameworks (LangChain, LangGraph, and Deep Agents), and the newly launched LangSmith Engine for autonomous agent improvement. We have 100M+ monthly open source downloads, 6,000+ active LangSmith customers, and 5 of the Fortune 10 use LangSmith in production (+ 35% of the Fortune 500 overall), including teams at Klarna, Clay, Coinbase, Workday, Lyft, Cloudflare, Harvey, Rippling, Vanta, LinkedIn, Monday.com, Nvidia, and Bridgewater. About the Team The Security team at LangChain treats compliance as a business enabler, not a checkbox. We move fast, build customer trust across regulated industries, and are actively rethinking what modern security compliance looks like at an AI-native company. We are a small team that operates nothing like a traditional compliance function, still deep in the work of building controls, implementing frameworks, and pushing the business forward on security. About the role You'll play a central role in building and scaling LangChain's privacy compliance program, developing the processes, technical controls, and automation that back our commitments to customers, partners, and regulators. You'll maintain and grow our SOC 2, ISO 27001, and privacy programs while taking primary ownership of our privacy framework across multiple cloud environments, deployment models, and geographies. We are looking to hire in-person in SF or NY. What you'll do Build and automate our compliance operations layer, including evidence pipelines, control monitoring, and agentic systems for always-on visibility into our compliance posture. Work directly with Engineering to embed security and privacy controls into our products, including deletion pipelines, PII detection, access audit logging, and fine-grained data access controls. Maintain and scale our certification and audit programs across SOC 2, ISO 27001, ISO 27701, ISO 42001, HIPAA, GDPR, CCPA, EU-US Data Privacy Framework, and others. Drive audit readiness, identify overlapping requirements, and reuse evidence across frameworks to continuously strengthen our security story. Partner with Legal on security and privacy contract execution, covering DPAs, BAAs, security addenda, and vendor terms. Build the templates, playbooks, and review processes that enable fast, reliable execution in regulated verticals and unblock enterprise sales. Monitor adherence to security and privacy contractual obligations across all signed agreements, building the operational workflows and tracking mechanisms to stay on top of commitments as our customer base grows. Contribute to LangChain's customer trust program — security questionnaire responses, due-diligence reviews, and the trust documentation and whitepapers that give regulated-industry customers confidence in our security posture. Support vendor privacy risk assessments during onboarding and renewals. What you'll bring 5+ years in privacy, GRC, or security compliance, ideally with time at a Big 4 or advisory firm, or in-house at a high-growth tech company. Hands-on operational experience with privacy regulations and compliance frameworks (GDPR, HIPAA, CCPA, ISO 27001, ISO 27701, SOC 2), including controls mapping, audit support, and day-to-day program operations. Experience with DPAs and BAAs: reviewing, negotiating, or operationalizing them in a commercial context. Technical fluency: comfortable reading code, understanding data flows, validating that controls work as described, and collaborating directly with engineering teams. Exceptional writer. You'll draft policies, respond to security questionnaires, and translate complex requirements into clear guidance for audiences ranging from engineers to executives. Nice to have Background in a regulated industry (healthcare, finance, government) or working directly with regulated-industry customers. Experience working across multi-cloud deployment environments. Ability to write scripts or code (Python is a strong plus) to automate compliance checks, privacy workflows, or build integrations between security and compliance tooling. Relevant certifications such as CIPM, CIPP/E, CIPP/US, CISA, CISSP, ISO 27001 Lead Implementer, or ISO 27701 Lead Implementer. Annual salary range: $175,000- $220,000 USD Compensation Philosophy: We offer competitive compensation that includes base salary, variable compensation for relevant roles, meaningful equity, benefits, and perks. Actual compensation and offerings will vary based on role, level, and location. Team members in the EU, UK, and APAC receive locally competitive benefits aligned with regional norms and regulations. Benefits Benefits include medical, dental, and vision coverage, flexible vacation, a 401(k) plan, meals on in-office days in the US and more.