Compliance Analyst

Grammarly team members in this role must be based in the United States or Canada.

The opportunity 

Grammarly empowers people to thrive and connect, whenever and wherever they communicate. Every day, 30 million people and 30,000 teams around the world use our AI-powered writing assistant. All of this begins with our team collaborating in a values-driven and learning-oriented environment. 

To achieve our ambitious goals, we’re looking for a Compliance Analyst to join our Governance, Risk, and Compliance team. This role will work closely with a wide variety of global teams at Grammarly to further evolve our compliance program at a truly global scale to assure and increase trust in our security posture among our existing and future users.

The Compliance Analyst is a business enabler and is responsible for supporting and executing critical portions of the regulatory compliance roadmap. This person will ensure that the regulatory roadmap supports business, sales, and revenue objectives while maintaining an alliance with existing information security standards. 

This person will work closely with Information Security, Legal, Engineering, Product and other teams to ensure regulatory control requirements are translated into Grammarly-understandable language that is informed by the organization’s current security practices and standards. We are not a check-box security organization and as such the person in this role will have the opportunity to participate in control requirements and remediation initiatives that result in pragmatic solutions for Grammarly and its users.  

Grammarly’s engineers and researchers have the freedom to innovate and uncover breakthroughs—and, in turn, influence our product roadmap. The complexity of our technical challenges is growing rapidly as we scale our interfaces, algorithms, and infrastructure. Read more about our stack or hear from our team on our technical blog.

Your impact

As a Compliance Analyst, you will:

• Own and further mature our information security controls framework in partnership with other functions.
• Maintain our existing certification program that contains a wide range of global certifications, such as SOC 2 Reports, ISO270XX certifications, PCI DSS.
• Join our efforts in pursuit of Grammarly’s federal authorization program.
• Work closely as a business enabler with other functions (including Sales and Marketing) to help them assure trust among our users via close collaboration or pursuit of new certification opportunities.
• Manage risks of our supply chain through thirdparty risk assessments and audits.
• Establish and maintain user-friendly processes and procedures that fulfill audit and compliance requirements.
• Build the implementation of compliance automation roadmaps to reduce burden on manual operations.
• Conduct periodic information security risk assessments and business impact analyses.
• Design and implement a company-wide information security awareness program in partnership with the rest of the Security organization.

We’re looking for someone who

• Embodies our EAGER values—is ethical, adaptable, gritty, empathetic, and remarkable.
• Is able to collaborate in person 2–4 weeks per quarter, traveling if necessary to the hub where the team is based.
• Knows how to build a bridge between regulatory frameworks and agile product organizations within a highly dynamic engineering culture.
• Has a good knowledge of security frameworks and standards and has working proficiency in implementing common control frameworks (e.g., GDPR, CCPA, SSAE 16, FedRAMP/NIST 800-53, HIPAA, ISO 270XX, PCI DSS) in cloud-first organizations.
• Builds and maintains healthy and productive relations with external assessors (e.g., auditors, customers, and federal agencies, such as FedRAMP PMO).
• Enjoys managing complex projects or programs with multiple stakeholders and a well-established timeline toward a specific goal.
• Enjoys being a mentor while having a natural curiosity to learn from others as well.
• Becomes a partner to engineering and non-engineering teams through understanding their needs and challenges when implementing new or modifying existing security controls.

Nice to have

• BA or BS in a technical or security field or equivalent experience
• Experience managing multi-cloud compliance or a FedRAMP authorization program
• Background in systems, software, or IT administration and past responsibility over the implementation of technical security controls
• Any of the following certifications: CISA, CISSP, CISM, CCSP, or ISO-related certifications
• Knowledge of business continuity or contingency planning

Support for you, professionally and personally

• Professional growth: We hire people we trust, and we give team members autonomy to do their best work. We also support professional development with training, coaching, and regular feedback.
• A connected team: Grammarly builds a product that helps people connect, and we apply this mindset to our own team. We have a highly collaborative culture supported by our EAGER values. We also take time to celebrate our colleagues and accomplishments with global, local, and team-specific events and programs.
• Comprehensive benefits: Grammarly offers all team members competitive pay along with a benefits package encompassing superior health care (including mental health benefits). We also offer support to set up a home office, ample and defined time off, gym and recreation stipends, 401(k) matching, and more.

We encourage you to apply

At Grammarly, we value our differences, and we encourage all—especially those whose identities are traditionally underrepresented in tech organizations—to apply. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Grammarly will consider qualified applicants with criminal histories in a manner consistent with applicable law. Grammarly is an equal opportunity employer and a participant in the US Federal E-Verify program.

Grammarly currently supports the long-term work of team members in the following US states: Arizona, California, Colorado, Florida, Georgia, Illinois, Maine, Massachusetts, Minnesota, Nevada, New Jersey, New York, North Carolina, Oregon, Pennsylvania (Kennett Township, New London Township, Pittsburgh City, Shaler Township), South Carolina, Texas, Utah, Virginia, and Washington, as well as the District of Columbia 

Grammarly currently supports the long-term work of team members in the following Canadian provinces: British Columbia, Ontario