Compliance Analyst

Remote from
USA
Salary, yearly, USD
160,000 - 180,000
Employment type
Full Time,
Job posted
Apply before
10 Aug 2026
Experience level
Midweight
Views / Applies
37 / 1

About Cresta

Real-Time Intelligence for Contact Centers

Actively Hiring
Verified job posting
This job post has been manually reviewed for authenticity and compliance.

AI Summary

Cresta, an AI company born from Stanford AI Lab, is seeking a Compliance Analyst to lead customer-facing security conversations and manage the security review lifecycle within sales deals. The role involves performing risk assessments, driving remediation of gaps, and streamlining SOC 2 compliance efforts. This position requires solid security engineering experience and a passion for data protection and cybersecurity. The successful candidate will work cross-functionally to ensure timely resolution of security issues and enable growing global data protection efforts. Cresta offers a fast-paced, innovative environment with significant growth opportunities.

Role DNA

Job Complexity
Easy Hard
Pace & Pressure
Relaxed Fast-paced
Autonomy Level
Guided Full Ownership
Communication Load
Independent Highly Collaborative
AI Insight The role requires a blend of security engineering expertise and compliance knowledge, along with strong customer-facing skills, making it moderately difficult to find candidates with the right mix.

Salary Analysis

Median Above Market
USD170,000
US Market
USD70k – 130k
0 USD187k
AI Insight The offered salary of $170,000 (median) is significantly above the typical market range for Compliance Analysts, which generally falls between $70,000 and $130,000. This indicates a highly competitive compensation package, likely reflecting the seniority and specialized nature of the role at a high-growth AI startup.

Dear Hiring Manager,

I am writing to express my enthusiastic interest in the Compliance Analyst position at Cresta. With a strong background in security engineering and compliance, I have successfully led customer-facing security reviews and managed risk assessments for SaaS platforms. My experience includes streamlining SOC 2 processes and driving cross-functional remediation efforts.

I am particularly drawn to Cresta's mission to revolutionize customer experience through AI. Your focus on augmenting human intelligence aligns with my belief in responsible technology deployment. I am eager to contribute to your team and help maintain the highest security and compliance standards.

Sincerely,
[Your Name]

Can you describe your experience with SOC 2 compliance and how you have managed the audit lifecycle?
I have led SOC 2 Type II audits for a SaaS company, coordinating with external auditors and internal teams to ensure all controls were documented and tested. I created a project plan, tracked evidence collection, and resolved findings promptly. This experience taught me the importance of continuous monitoring and clear communication.
How would you handle a customer's security questionnaire that contains requirements not currently met by our infrastructure?
I would first acknowledge the customer's concerns and then work with the engineering team to assess the feasibility of implementing the control. If it's not feasible immediately, I would document a compensating control or a timeline for remediation. I'd also provide a clear explanation to the customer and offer regular updates.
What is your approach to performing a risk assessment for a new vendor?
I would start by categorizing the vendor based on the data they access and the services they provide. I then use a standardized risk assessment framework (e.g., NIST) to evaluate their security posture, review their SOC reports, and conduct interviews. The results are documented with a risk score and recommended mitigations.
Describe a time when you had to drive a security gap to remediation. What steps did you take?
At my previous company, we identified a gap in access controls for a critical database. I convened a meeting with the IT team to prioritize the fix, assigned ownership, and set a deadline. I also implemented a temporary manual approval process. The gap was closed within two weeks, and I followed up with a post-remediation review.
How do you stay current with evolving security and compliance regulations?
I subscribe to industry newsletters (e.g., CSO Online, Compliance Week), attend webinars, and participate in professional groups like ISACA. I also take certifications (e.g., CISSP, CISA) to deepen my knowledge. Staying informed allows me to proactively update our compliance program.

Cresta unlocks the true potential of the customer experience, turning every conversation into a competitive advantage. Cresta’s unified AI platform combines conversational AI agents, real-time human agent augmentation, and comprehensive conversation intelligence to drive revenue and efficiency gains across every channel. The world’s leading companies, including United Airlines, Cox Communications, and Marriott, use Cresta to power world-class customer experiences every day. 

Born from the Stanford AI Lab, Cresta has raised more than $270 million from the world’s leading investors, including a16z, Greylock, and Sequoia. Cresta’s leadership includes some of the leading minds in AI today. Our CEO, Ping Wu, founded and led Google’s Contact Center AI and Vertex AI platforms before joining Cresta to build the future of AI-driven customer experiences.

Over the next few years, AI is going to redefine how people all over the world interact with businesses every day. Come build that future at Cresta.

Cresta is on a mission to turn every customer conversation into a competitive advantage by unlocking the true potential of the contact center. Our platform combines the best of AI and human intelligence to help contact centers discover customer insights and behavioral best practices, automate conversations and inefficient processes, and empower every team member to work smarter and faster. Born from the prestigious Stanford AI lab, Cresta’s co-founder and chairman is Sebastian Thrun, the genius behind Google X, Waymo, Udacity, and more. Our leadership also includes CEO, Ping Wu, the co-founder of Google Contact Center AI and Vertex AI platform, and co-founder, Tim Shi, an early member of Open AI.
 
We’ve assembled a world-class team of AI and ML experts, go-to-market leaders, and top-tier investors including Andreessen Horowitz, Greylock Partners, Sequoia, and former AT&T CEO John Donovan. Our valued customers include brands like Intuit, Cox Communications, Hilton, and Carmax and we’ve been recognized by Forbes and Bain Consulting as one of the top private AI companies in the world.
 
Join us on this thrilling journey to revolutionize the workforce with AI. The future of work is here, and it’s at Cresta.

About the role:

Interested in defining how AI shapes the future of work? Cresta is on a mission to make every knowledge worker 100x as effective, 10x faster and 10x better. Cresta is focused on using AI to help the workforce, not replace them. Cresta uses our patented Expertise AI to uncover expert insights from every conversation and put those insights into action with real-time coaching during customer conversations. We’re growing fast! Spun out of the Stanford AI lab and chaired by Google-X founder Sebastian Thrun, Cresta launched in 2020. Since then, we’ve grown revenue and our team by 300%! We’ve assembled a world-class team of AI and ML experts, go-to-market leaders, and top-tier investors and advisors including Andreessen Horowitz, Greylock Partners, Sequoia, and former AT&T CEO John Donovan. Our valued customers include brands like Intuit, Porsche, Adobe, and Dropbox and we have been recognized as a startup to watch by Business Insider, Forbes, and Gartner to name a few. We have huge ambitions and are looking for stellar candidates who have an entrepreneurial mindset and are excited to use cutting-edge AI to solve real-world business problems. Cresta is seeking a passionate individual with solid security engineering experience to support the security & compliance team and enable growing global data protection and cybersecurity efforts. 

Responsibilities:

  • Lead and manage all customer-facing security conversations, partnering cross-functionally to ensure timely resolution of issues and seamless execution of the security review lifecycle within sales deals.
  • Perform risk assessments to identify gaps, come up with recommendations, and drive the gaps to remediation.
  • Streamline and lead SOC 2 Type II, ISO 27001/27701/42001, PCI-DSS, TISAX, HIPAA, and FedRAMP audit processes.
  • Perform internal audits and keep the necessary documentation updated as required for audits.
  • Perform risk assessments to identify gaps, come up with recommendations, and drive the gaps to remediation.
  • Streamline and lead SOC 2 Type II, ISO 27001/27701/42001, PCI-DSS, TISAX, HIPAA and FedRAMP audit processes.
  • Perform internal audits and keep the necessary documentation updated as required for audits.
  • Perform gap assessments against new regions and target industry markets to comply with compliance regulations as the company expands.
  • Conduct new-hire and annual security awareness training to educate personnel and re-iterate security and compliance requirements.
  • Oversee and continuously improve the vendor risk management framework, ensuring effective identification, assessment, and mitigation of third-party risks.
  • Establish metrics to track compliance program effectiveness and to report risk.
  • Interface with both technical (Engineering/Product) and non-technical (Sales/Marketing/Customer Success) teams.
  • Respond to customer RFIs, questions, audits and technical documentation requests.
  • Help build our common control framework and drive adoption of the framework within the organization.
  • Build and automate processes to achieve continuous compliance over the technology control environment.
  • Assist with sales and marketing materials representing product security and compliance.

Qualifications We Value:

  • 4+ years of experience in security governance, IT audit, or security compliance management
  • 3+ years of program management, with experience in affecting technology decisions
  • End-to-end experience going through SOC 2 Type II, HITRUST, HIPAA, TISAX, ISO 27001/27701/42001, FedRAMP, and PCI-DSS external audits
  • Experience in a hands-on technical role, with basic understanding of software implementation and integration
  • Experience with cloud environments on AWS, GCP, Azure
  • A track record of building relationships and credibility with business leads, external partners, and regulators through collaborative and independent programs
  • Experience managing competing efforts and requirements
  • Experience with fast-growing cloud native SaaS start-ups
  • Bonus: Experience with building GRC engineering tooling
  • Bonus: Experience with AI security frameworks such as AIUC

Perks & Benefits:

We offer a comprehensive and people-first benefits package to support you at work and in life:

  • Comprehensive medical, dental, and vision coverage with plans to fit you and your family
  • Flexible PTO to take the time you need, when you need it
  • Paid parental leave for all new parents welcoming a new child
  • Retirement savings plan to help you plan for the future
  • Remote work setup budget to help you create a productive home office
  • Monthly wellness and communication stipend to keep you connected and balanced
  • In-office meal program and commuter benefits provided for onsite employees

Compensation at Cresta 

Cresta’s approach to compensation is simple: recognize impact, reward excellence, and invest in our people. We offer competitive, location-based pay that reflects the market and what each individual brings to the table.

The posted base salary range represents what we expect to pay for this role in a given location. Final offers are shaped by factors like experience, skills, education, and geography. In addition to base pay, total compensation includes equity and a comprehensive benefits package for you and your family.

Salary Range: $160,000 – $180,000 + Offers Equity

We have noticed a rise in recruiting impersonations across the industry, where scammers attempt to access candidates’ personal and financial information through fake interviews and offers. All Cresta recruiting email communications will always come from the @cresta.ai domain. Any outreach claiming to be from Cresta via other sources should be ignored. If you are uncertain whether you have been contacted by an official Cresta employee, reach out to recruiting@cresta.ai

Apply now >

This job listing has been manually reviewed by the Jobicy Trust & Safety Team for compliance with our posting guidelines, including verification of the company's legitimacy, accuracy of job details, clarity of remote work policy, and absence of misleading or fraudulent content.

How to apply

Did you apply? Let us know, and we’ll help you track your application.

See a few more

Similar Legal & Compliance remote jobs

Jobs Talent Salaries
Menu