Career Opportunity

Compliance Analyst

Dunwoody, GA (Hybrid) | Engineering | Full-Time

Title: Compliance Analyst
Location: Dunwoody, GA (Hybrid 2-3 days/week in office)
Department: Product and Engineering
Employment Type: Full-Time

 

About SmartPM

The SmartPM Project Control Platform is a game changer in the construction project management landscape. We are a fast-growing, forward-thinking company that provides cutting-edge project management and analytics solutions. We aim to empower construction professionals and project stakeholders with the tools to achieve unprecedented efficiency, transparency, and project success.

 

SmartPM is seeking a highly detail-oriented and technically adept Compliance Analyst to lead and manage the company’s security and compliance initiatives. Reporting to the CTO, this hands-on role translates regulatory and framework requirements into practical, scalable processes that strengthen SmartPM’s security posture. This position is critical to maintaining customer trust, enabling enterprise growth, and supporting expansion into regulated markets.

 

At SmartPM, you’ll find a dynamic, transparent, and data-driven culture where innovation thrives. We empower our team members to take initiative, drive significant impact, and advance their careers in a collaborative and inclusive environment. If you’re ready to lead transformational projects within a fast-paced, results-oriented setting, we would love to hear from you.

 

What You’ll Do

  • Support and maintain compliance programs aligned with SOC 2 and ISO/IEC 27001
  • Assist with compliance readiness and ongoing efforts related to FedRAMP (prior experience nice to have)
  • Manage compliance workflows, evidence collection, and audits using a GRC platform (experience with Drata required)
  • Partner with engineering, product, and leadership teams to implement and monitor security controls
  • Support risk assessments, remediation tracking, and compliance reporting
  • Ensure awareness and alignment with WCAG 2.1 AA accessibility standards
  • Help document policies, procedures, and controls to support audits and internal reviews
  • Own and coordinate external audits, including SOC 2 and ISO 27001 surveillance and certification audits
  • Conduct and document periodic risk assessments and control gap analyses
  • Manage third-party/vendor risk assessments and ongoing monitoring
  • Review client information security requirements, questionnaires, and assessments; prepare responses and supporting artifacts
  • Track remediation efforts and report compliance metrics to leadership
  • Assist with incident response documentation and regulatory reporting requirements
  • Maintain and enhance SmartPM’s compliance roadmap

 

What We’re Looking For

  • Minimum of 3 years’ experience in an Information Security or Security Compliance role
  • Demonstrated understanding of information security controls, governance principles, and standards/frameworks such as SOC 2 and ISO 27001
  • Familiarity with WCAG 2.1 AA accessibility standards
  • Experience with GRC or evidence management tools to map controls, manage testing, track issues, and produce audit-ready evidence (Drata experience required)
  • Experience interfacing directly with external auditors
  • Strong understanding of SaaS security architecture and cloud environments (AWS preferred)
  • Experience conducting vendor risk assessments
  • Ability to interpret technical security controls and translate them into compliance documentation
  • Experience responding to security questionnaires (RFPs, DDQs)

 

Preferred

  • Experience with FedRAMP or FedRAMP readiness
  • Knowledge of cross-border regulations, such as GDPR and EU data privacy rules, is a plus
  • Industry certifications such as CISSP, CISA, CISM, CRISC are a plus
