Senior Compliance Analyst

IndiaPosted Jul 13, 2026
Apply

About AlphaSense: 

The world’s most sophisticated companies rely on AlphaSense to remove uncertainty from decision-making. With market intelligence and search built on proven AI, AlphaSense delivers insights that matter from content you can trust. Our universe of public and private content includes equity research, company filings, event transcripts, expert calls, news, trade journals, and clients’ own research content.

The acquisition of Tegus by AlphaSense in 2024 advances our shared mission to empower professionals to make smarter decisions through AI-driven market intelligence. Together, AlphaSense and Tegus will accelerate growth, innovation, and content expansion, with complementary product and content capabilities that enable users to unearth even more comprehensive insights from thousands of content sets. Our platform is trusted by over 6,000 enterprise customers, including a majority of the S&P 500. Founded in 2011, AlphaSense is headquartered in New York City with more than 2,000 employees across the globe and offices in the U.S., U.K., Finland, India, Singapore, Canada, and Ireland. Come join us!

About the Role

AlphaSense is maturing its GRC function and needs a Senior Compliance Analyst to be the operational engine of our compliance program. You will own end-to-end evidence collection and auditor engagement across our ISO 27001, SOC 2, and ISO 42001 certifications—serving as the primary operational liaison between AlphaSense and external assessors throughout Stage 1, Stage 2, and surveillance cycles. You will partner with control owners across Engineering, IT, and Legal to ensure we are continuously audit-ready, not just audit-reactive. You bring an AI-native mindset: you use AI tools to accelerate evidence gathering, draft control narratives, identify documentation gaps, and replace manual toil with intelligent workflows—while applying rigorous judgment to validate every output you ship.But this role is more than executing a compliance program—it is an opportunity to help define what modern compliance looks like. AlphaSense is building a GRC function that we believe can set the standard for how AI-native, high-growth companies approach compliance: not as a checkbox exercise, but as a continuous, automated, and strategically integrated discipline. The practices we build here will influence how compliance is done industry-wide. We are looking for someone who is energized by that challenge—who wants to be part of building something that others will look to as the model.

Key Responsibilities

Evidence Collection & Management

Own the full evidence collection lifecycle across all active audit and continuous compliance cycles. Coordinate with control owners to gather, validate, and organize evidence artifacts in the GRC platform (Drata or equivalent). Use AI-assisted workflows to pre-stage evidence, flag stale artifacts, and reduce the manual burden on engineering and IT teams—making it easier for control owners to do this right than to skip it.

Auditor Engagement

Serve as the primary operational point of contact for external auditors during Stage 1, Stage 2, and surveillance audits. Manage auditor portals, respond to RFIs, track open items to closure, and ensure auditors leave each engagement with a complete, accurate view of how AlphaSense's controls operate in practice. Findings get closed before they become repeat findings.

Control Testing & Monitoring

Perform ongoing monitoring and periodic testing of implemented controls. Document control effectiveness, identify gaps, and work with control owners to remediate deficiencies on defined timelines. Map findings to applicable framework requirements across SOC 2, ISO 27001, and ISO 42001. Contribute to transitioning point-in-time control testing toward continuous, automated validation.

Policy & Documentation Governance

Maintain and update security policies, standards, and procedures to keep them aligned with current operational reality and framework requirements. Ensure documentation is version-controlled, accessible, and demonstrably distributed and attested to—satisfying auditor requirements without relying on static PDFs or manual tracking.

AI-Augmented Compliance Workflows

Identify and implement opportunities to use AI tools to streamline evidence gathering, control narrative drafting, audit preparation, and gap analysis. Operate in a human-in-the-loop model: AI accelerates the work, you validate for accuracy, completeness, and confidentiality before anything ships. Actively share what works with the broader GRC team.

AI Governance & Emerging Regulation

Support compliance efforts related to AI regulations and standards including EU AI Act, ISO 42001, and NIST AI RMF. Assist with risk assessments, documentation, and audit evidence for AI governance controls. Collaborate with Engineering and Product to ensure secure and responsible use of generative AI tools across the organization.

Cross-Functional Coordination & Advisory

Partner with Engineering, IT, Legal, and Product to ensure control ownership is clear, evidence is readily available, and compliance requirements are embedded into operational processes—not bolted on at audit time. Provide risk and control guidance on post-implementation reviews and remediation activities. Help stakeholders interpret requirements and build controls into how they actually work.

What Success Looks Like

  • Security and compliance controls are clearly documented, tested, and consistently implemented—with evidence generated by integrations, not collected by hand
  • Risks and compliance gaps are identified early, tracked with owners, and remediated in partnership with technical teams before auditors find them
  • GRC processes scale alongside platform growth and new customer or regulatory requirements without proportional headcount growth
  • Stakeholders across Engineering, Legal, and Product view the GRC function as a trusted, enabling partner—not a compliance checkpoint
  • AI tools are used deliberately and responsibly: output is validated, sensitive data is protected, and automation creates leverage without introducing new risk
  • Audit cycles are managed proactively—evidence is pre-staged, walkthroughs run smoothly, and there are no surprises for auditors or for us
  • Policy documentation is current, version-controlled, and demonstrably distributed—not a last-minute scramble before an audit

Who You Are

Basic Requirements

  • 6+ years of experience in GRC, information security, risk management, or IT audit, preferably in a SaaS or cloud-native environment
  • Strong understanding of security and compliance frameworks including SOC 2, ISO 27001, NIST CSF 2.0, and CIS Controls; working knowledge of ISO 42001 and NIST AI RMF
  • AI-native mindset: you use AI tools—LLMs, agents, automation—for real, substantive work including analysis, drafting, evidence gathering, and workflow automation. You apply judgment about where AI creates leverage and where a human must stay in the loop
  • Proficiency with GRC platforms for evidence management and control testing (Drata, Vanta, AuditBoard, ServiceNow GRC, or equivalent)
  • Familiarity with cloud environments (AWS, Azure, or GCP) and the security and compliance posture tooling that runs on them (CSPM, SIEM, identity platforms)
  • Experience supporting external audits across security or privacy domains, including evidence collection, control walkthroughs, and auditor interaction
  • Ability to interpret technical controls and translate findings into compliance, risk, and policy documentation that engineers and non-technical stakeholders both understand
  • Working knowledge of risk registers, control libraries, and policy governance lifecycles
  • Working knowledge of privacy and data protection requirements (GDPR, CCPA/CPRA) and how they intersect with security controls, in partnership with Legal and Product teams
  • Strong written communication, analytical thinking, and attention to detail; able to produce clear audit responses, risk narratives, and control documentation under deadline
  • Hands-on experience managing end-to-end audit evidence collection across ISO 27001, SOC 2 Type II, or equivalent frameworks in a SaaS or cloud environment
  • Direct operational experience working with external auditors as the primary compliance or audit liaison—walkthroughs, RFI responses, finding management
  • Automation-first mentality with demonstrated experience working in an organization that has implemented automated evidence collection—you default to building workflows over doing things manually, and you actively improve the automation rather than working around it
  • Demonstrated use of AI tools (LLMs, AI-assisted GRC workflows) to accelerate compliance work: drafting, research, evidence review, or gap analysis—with a clear practice of validating AI output before it ships
  • Experience maintaining policy governance lifecycles from drafting through distribution, attestation, and version control
  • Strong organizational skills and ability to manage multiple concurrent audit workstreams without losing detail

Nice to Have

  • Relevant certifications: CISA, CRISC, CISM, CISSP, CCSK, or ISO 27001 Lead Auditor/Implementer
  • Experience with AI governance frameworks including ISO 42001, NIST AI RMF, EU AI Act, or OECD AI Principles
  • Exposure to SOX ITGC cycles—managing evidence, walkthroughs, and findings with external auditors
  • Privacy program crossover: data mapping, DPIAs, GDPR/CCPA operational compliance
  • Scripting or automation experience (Python, JavaScript, or low-code tools) applied to GRC or compliance workflows
  • Experience with ISO 42001 AI management system audits or EU AI Act compliance documentation
  • Familiarity with policy-as-code and compliance-as-code approaches: controls expressed as enforceable automated checks, policies in version control, and requirements validated programmatically rather than through manual review
  • Programming or scripting skills (Python, JavaScript, or low-code tools such as n8n, Tines, or Zapier) applied to compliance workflows, evidence automation, or GRC platform integrations
  • Experience building or operating a security awareness and phishing simulation program
  • Background in privacy compliance operations (GDPR, CCPA data mapping, DPIAs) in partnership with Legal

AlphaSense is an equal-opportunity employer. We are committed to a work environment that supports, inspires, and respects all individuals. All employees share in the responsibility for fulfilling AlphaSense’s commitment to equal employment opportunity. AlphaSense does not discriminate against any employee or applicant on the basis of race, color, sex (including pregnancy), national origin, age, religion, marital status, sexual orientation, gender identity, gender expression, military or veteran status, disability, or any other non-merit factor. This policy applies to every aspect of employment at AlphaSense, including recruitment, hiring, training, advancement, and termination.

In addition, it is the policy of AlphaSense to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations, and ordinances where a particular employee works.

Recruiting Scams and Fraud

We at AlphaSense have been made aware of fraudulent job postings and individuals impersonating AlphaSense recruiters. These scams may involve fake job offers, requests for sensitive personal information, or demands for payment. Please note:

  • AlphaSense never asks candidates to pay for job applications, equipment, or training.
  • All official communications will come from an @alpha-sense.com email address.
  • If you’re unsure about a job posting or recruiter, verify it on our Careers page.

If you believe you’ve been targeted by a scam or have any doubts regarding the authenticity of any job listing purportedly from or on behalf of AlphaSense please contact us. Your security and trust matter to us.

Want jobs like this matched to you?

Swoopd scores fresh postings against your résumé so you only see the matches that matter.

Get started free