Internal Audit & Compliance Analyst

Company overview

LucidLink is a fast-growing startup on a mission to make data instantly and securely accessible from everywhere. As remote and hybrid work has become the new normal, our cloud-based technology enables teams to instantly access files and collaborate from anywhere in a familiar format that works like a local hard drive.

LucidLink’s solution is designed for workflows involving huge files, massive data sets and real-time collaboration. Our customers include the world’s most creative companies like Paramount, Warner Brothers, Epic Games, Spotify, A+E and Netflix. We were founded in 2016 by storage industry experts and support over one billion customer files across more than 40+ countries. LucidLink is headquartered in San Francisco, California, has an engineering office in Sofia, Bulgaria, and remote employees across North America, Europe, and Australia.

Reasons to join LucidLink:

• Tackle big challenges: You’ll have the chance to solve complex, high-stakes problems that redefine how teams collaborate globally. By starting with the Media & Entertainment industry and expanding into data-intensive sectors, you’ll gain deep insight into cutting-edge technologies and play a role in shaping the future of global workflows.

• Values-led culture: Our values don’t just exist on paper—they guide every decision and interaction. You’ll thrive in an environment where integrity, innovation, and empathy are at the core of how we operate, empowering you to grow personally and professionally.

• Hypergrowth journey: Joining a company with triple-digit growth rates means unparalleled opportunities for advancement, learning, and being part of an exciting journey toward unicorn status. You’ll experience the adrenaline of startup speed combined with the satisfaction of building something truly impactful.

• Immediate impact: At LucidLink, your work will matter—immediately. You’ll be part of a tight-knit team of 170+ builders working at startup speed, where your ideas and actions will create tangible, exponential results that contribute to our collective success.

• Comprehensive benefits: We believe in investing in our people. With unlimited PTO, a competitive salary, stock options, and full health coverage, you’ll feel supported both professionally and personally while enjoying a strong work-life balance.

The Opportunity

We are seeking a detail-oriented and proactive Internal Audit & Compliance Analyst to support our audit and compliance initiatives. This role is ideal for someone with experience in GRC tools, regulatory compliance, and cybersecurity frameworks. You will be responsible for conducting internal readiness assessments, documenting compliance gaps, tracking risk remediation efforts, and ensuring we meet regulatory and industry-specific requirements.

Key Responsibilities

• Conduct internal audits and readiness assessments for compliance frameworks such as SSAE16, SOC 2, ISO 27001, TPN, GDPR, and other relevant regulatory and market-specific requirements.

• Ensure compliance with GDPR, CCPA/CPRA and other privacy regulations. 

• Identify compliance gaps, summarize risks, and track remediation efforts to closure.

• Maintain and manage GRC tools to support compliance monitoring, reporting, and risk assessments.

• Partner with internal teams to document and enhance security controls, policies, and procedures.

• Complete security and compliance self-assessment questionnaires from customers and partners.

• Collaborate with third-party auditors and assist in external audit engagements.

• Stay up to date with evolving cybersecurity and risk management frameworks, such as NIST, CIS, ISO 27001, and others.

• Support compliance with evolving regulations and AI governance frameworks. 

• Support third-party risk assessment processes and support vendor due diligence efforts. 

• Collaborate with engineering, legal and product teams to align compliance efforts with business needs. 

• Support the development and maintenance of compliance documentation, policies and training programs. 

• Support the development and execution of internal security awareness and compliance training. 

Your Qualifications

• 5 years of experience in GRC, IT audit, compliance, or cybersecurity risk management.

• Preferred experience working with software/SaaS companies.

• Familiarity with regulatory and industry compliance frameworks (SOC 2, ISO 27001, GDPR, CCPA/CPRA etc.).

• Experience working with GRC tools (e.g., OneTrust, LogicGate, Vanta, Drata, or similar).

• Understanding of privacy-enhancing technologies and secure software development principles.

• Strong analytical, documentation, and problem-solving skills.

• Ability to translate complex compliance requirements into actionable business processes and communicate these  effectively to technical and non-technical stakeholders.

• Detail-oriented with strong analytical and problem-solving skills.

• Experience in completing security self-assessment questionnaires and working with auditors is a plus.

• Certifications such as CISA, CRISC, or ISO 27001 Lead Implementer/Auditor are a plus but not required.

The salary range provided for this position is an estimated guideline from a salary database. Total compensation for this position may also include equity, variable pay, and employee benefits. We consider a wide range of factors when making compensation decisions, including but not limited to relevant experience, knowledge, training, and skill sets; market conditions; and internal equity. Compensation ranges may also vary based on location.

LucidLink is an Equal Opportunity Employer. We strongly encourage you to apply, even if you don't believe you meet every requirement on the job description. You might be the right person for this role, or another one. We look forward to hearing from you.