Senior Compliance Analyst jobs in United States

Canopy · 16 hours ago

Senior Compliance Analyst

Canopy is a fast-growing SaaS company in South Jordan, Utah, focused on revolutionizing the accounting space with modern software solutions. The Senior Compliance Analyst will own and elevate compliance initiatives, manage the SOC 2 program, and collaborate with various teams to ensure secure and compliant growth.

Accounting · Billing · CRM · Document Management · Payments · Project Management · Software
Growth Opportunities
H1B Sponsor Likely

Responsibilities

Lead the expansion of our SOC 2 audit scope to include all Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, and Privacy)
Own and manage our compliance roadmap, ensuring we're continuously audit-ready
Coordinate and manage SOC 2 audits, including evidence gathering, auditor communication, and remediation tracking
Implement and maintain our Trust Center, making our security posture transparent and accessible to customers
Serve as the primary point of contact for customer security questionnaires and assessments
Create, refine, and maintain comprehensive security and compliance policies, such as: Acceptable Use Policy, Software Approval Policy, AI Use Policy, Incident Response Plan, Data Retention, Access, and Classification policies, Email Communication Policy, Business Continuity Plans
Ensure policies are practical, enforceable, and aligned with industry frameworks and regulatory requirements
Develop clear, accessible documentation that empowers teams to understand and follow security best practices
Partner with Legal, HR, and other departments to ensure policies are comprehensive and cross-functional
Own and maintain our risk register, conducting regular risk assessments and tracking mitigation efforts
Lead third-party vendor security reviews and risk assessments
Maintain detailed knowledge of what data exists in every third-party tool and who has access
Track and manage vendor compliance documentation (SOC 2 reports, security attestations, etc.)
Work with Procurement and Engineering to ensure vendors meet our security standards
Implement security controls across our infrastructure and applications in collaboration with Security Engineers
Work with the team to automate evidence collection and compliance monitoring using tools like Drata and Datadog
Conduct internal reviews of audit controls to ensure they remain effective and up-to-date
Identify gaps in our security posture and design solutions to address them
Evaluate and implement new compliance and security tooling as needed
Partner with Engineering, Product, HR, Legal, and Sales to ensure compliance requirements are understood and met
Ensure control owners across the organization complete their compliance tasks on schedule
Provide training and guidance to teams on security and compliance best practices
Serve as a trusted advisor to leadership on compliance strategy and risk posture

Qualifications

SOC 2 audits · Compliance program management · Policy writing · GRC platforms · Risk assessments · Security controls implementation · AWS security best practices · Project management · Cross-functional collaboration · Technical communication

Required

6+ years of experience in security compliance, with at least 2 years owning or leading SOC 2 audits
Deep understanding of SOC 2 Trust Services Criteria and how to implement effective controls
Proven experience building or scaling compliance programs at a SaaS or technology company
Excellent policy writing skills with the ability to translate complex requirements into clear, actionable documentation
Strong technical foundation with the ability to implement security controls and work effectively with engineering teams
Experience managing GRC platforms (Drata, Vanta, or similar)
Outstanding project management skills and ability to coordinate across multiple stakeholders
Self-starter mentality with the ability to own initiatives from strategy through execution
Strong ability to translate technical concepts for non-technical audiences

Preferred

Experience expanding SOC 2 scope beyond Security (Availability, Confidentiality, Processing Integrity, Privacy)
Familiarity with additional compliance frameworks (ISO 27001, PCI-DSS, GDPR, CCPA, HIPAA)
Experience implementing and managing Trust Centers
Knowledge of AWS/cloud security best practices (we use EKS, RDS, and AWS services)
Technical skills in scripting or automation (Python, Bash, etc.) for evidence collection and control monitoring
Experience with SIEM tools (Datadog), CI/CD platforms (GitHub), and infrastructure monitoring
Relevant certifications (CISSP, CISM, CISA, or similar)
Experience in a high-growth startup or scale-up environment
Background working cross-functionally with Legal, HR, or Sales on compliance initiatives

Benefits

Flexible Paid Time Off - you’re actually encouraged to use it, plus 10 company holidays!
Health Benefits - including Medical, Dental, and Vision and an HSA Match.
401(k) - we match 100% up to 3% of your contribution. Eligibility is immediate with 100% vesting.
Mental Health - all employees have access to Impact Suite & to our Employee Assistance Program (EAP).
Paid New Parent Leave & Birthing Parent Leave - so you’re able to care for your little ones.
Supplemental Benefits - including 100% company paid Basic Life & AD&D insurance and long & short-term disability coverage.
Nectar - our peer-to-peer recognition program to help our employees recognize the amazing work being done by other Canopians!
Company Events - including monthly company-wide meetings, summer parties, and more.
ERG Committees - to plan initiatives around continuing education, community outreach, recruiting, onboarding, and more.
Fully-stocked kitchen - Keto? Vegan? Flexitarian? Mandalorian? We’ve got you covered.

Company

Canopy offers a cloud-based Practice Management solution for Accounting professionals.

H1B Sponsorship

Canopy has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
[Chart: Trends of Total Sponsorships. 2021 (1)]

Funding

Current Stage: Growth Stage
Total Funding: $258.03M
Key Investors: Viking Global Investors, Ten Coves Capital, Ankona Capital Partners
2025-04-23 · Series C · $70M
2024-05-08 · Series C · $35M
2021-12-08 · Series B · $35M

Leadership Team

Gordon Roylance, Chief Technology Officer
Jordan Ray, Chief Revenue Officer
Company data provided by crunchbase