Why This Job is Featured on The SaaS Jobs
Trust and assurance have become core buying criteria in SaaS, especially for platforms handling sensitive legal workflows and AI-driven document analysis. This GRC Analyst role sits at that intersection, where security compliance is not a back-office function but a product-adjacent capability that influences enterprise adoption. With Ivo operating as an AI-powered contract review SaaS and referencing SOC 2, ISO 27001, and emerging AI governance standards, the remit reflects the compliance expectations placed on modern cloud vendors.
For a SaaS career, the role offers durable exposure to how recurring-revenue businesses operationalise risk management at scale: translating frameworks into controls, coordinating evidence across engineering and operations, and responding to customer security assessments. Experience with compliance automation tooling like Vanta, plus hands-on audit readiness, tends to transfer well across SaaS categories because it maps to common go-to-market motions such as vendor reviews, Trust Centers, and third-party risk processes.
This position is best suited to someone who prefers structured work, strong documentation, and cross-functional coordination, and who enjoys turning abstract requirements into repeatable operational workflows. It will fit a practitioner who wants to deepen technical compliance fluency while staying close to product, cloud infrastructure, and the realities of enterprise SaaS procurement.
The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.
Job Description
About Ivo?
Ivo is an AI-powered contract review and legal technology company transforming how organizations review, negotiate, and manage contracts. Security, privacy, and trust are foundational to our platform and customer relationships. As we continue to scale, we are looking for a highly motivated Governance, Risk & Compliance (GRC) Analyst to support and mature Ivo's security compliance and risk management programs.
Why Ivo?
Every civilization runs on the same infrastructure: agreements between people who don't fully trust each other. Sumerians pressed them into clay. Romans carved them into stone. We bury them in 80-page PDFs.
The way those agreements are reviewed hasn't changed in four thousand years - a human reads the whole thing and tries not to miss anything. We're building the AI that finally changes that. Ivo is the contract intelligence platform of choice for companies like Uber, Meta, Canva, IBM, and Shopify. We recently raised our Series B and have grown 800% over the last 12 months.
Role Overview:
Ivo is seeking a detail-oriented and proactive GRC Analyst to support the company's compliance, risk management, and security assurance initiatives. This role will play a key part in maintaining and enhancing Ivo's compliance programs, including SOC 2 Type II, ISO 27001, CSA STAR, and ISO/IEC 42001.
The ideal candidate has experience supporting security audits, managing evidence collection, conducting risk assessments, maintaining policies and procedures, and partnering cross-functionally with engineering, IT, legal, HR, and business stakeholders.
This is a fully onsite role based out of Ivo's San Francisco headquarters to support close cross-functional collaboration with Security, Engineering, IT, and Operations teams.
Responsibilities:
Support and coordinate Ivo's compliance programs including SOC 2 Type II, ISO 27001, CSA STAR, and ISO/IEC 42001.
Assist with annual audits, surveillance audits, and customer security assessments.
Coordinate evidence collection and maintain audit readiness across teams.
Support and maintain Ivo's Vanta GRC platform and associated compliance workflows.
Monitor automated compliance evidence collection and control monitoring within Vanta.
Perform vendor and third-party risk assessments.
Support enterprise risk management and risk register maintenance.
Maintain and update security policies, standards, and procedures.
Support AI governance and responsible AI compliance initiatives.
Required Qualifications:
3–5 years of experience in Governance, Risk & Compliance (GRC), Information Security, IT Audit, or related field.
Hands-on experience supporting SOC 2 Type II, ISO 27001, CSA STAR, and in-depth knowledge of ISO/IEC 42001.
Experience administering or working extensively with Vanta or similar GRC/compliance automation platforms.
Experience managing and maintaining a customer-facing Trust Center, including security documentation, compliance artifacts, sub-processor disclosures, and customer assurance materials.
Strong understanding of information security principles and common security controls.
Experience with audits, evidence management, and customer security reviews.
Excellent written and verbal communication skills.
Preferred Qualifications:
Experience working at a SaaS or AI company.
Familiarity with GDPR, CCPA, privacy regulations, and third-party risk management.
Knowledge of cloud environments such as GCP, AWS, or Azure.
Relevant certifications such as Security+, CISA, CRISC, CCSK, or ISO 27001 Lead Implementer/Auditor.
What We're Looking For:
Strong attention to detail and accountability.
Collaborative mindset with strong cross-functional communication skills.
Ability to translate compliance requirements into practical operational processes.
Interest in emerging AI governance and security frameworks.
Self-starter mentality with a continuous improvement mindset
Compensation and Benefits:
Competitive salary ($135k - $165k) and equity package.
Comprehensive health, dental, and vision coverage.
Flexible PTO.
Collaborative onsite work environment (5 days) at Ivo's San Francisco headquarters.
Opportunity to help shape the security and compliance foundation of a rapidly growing AI company.
Equal Opportunity Employer
Ivo is an equal opportunity employer and values diversity at all levels of the organization. We celebrate diversity and are committed to creating an inclusive environment for all employees.
