Compliance Analyst, US Compliance Programs

Posted Yesterday
Hiring Remotely in United States
Remote
144K-180K Annually
Mid level
Artificial Intelligence • Legal Tech • Software
The Role
The Compliance Analyst will implement and manage Spellbook's US compliance program, working with various teams to ensure regulatory adherence and audit-readiness across sectors such as government and healthcare.
Summary Generated by Built In

Spellbook is the most comprehensive AI copilot for transactional lawyers. It works directly inside Microsoft Word to help legal teams draft, review, and negotiate contracts up to 10x faster and with greater precision. Today, more than 4,000 law firms, in-house teams, and solo practitioners rely on Spellbook to simplify their workflows and eliminate the drudgery of everyday contract work.

We are backed by leading investors including Khosla Ventures, Thomson Reuters Ventures, Inovia Capital, The LegalTech Fund, Bling Capital, and Moxxie Ventures. The company recently raised $50 million in Series B funding, led by Keith Rabois at Khosla Ventures, bringing its total funding to more than $80 million.

*This is an existing vacancy

ABOUT THE ROLE

Legal teams worldwide trust Spellbook with sensitive, confidential, and privileged information, and we're looking for a Compliance Analyst to help us hold up our end of that trust. You'll build, implement, and scale Spellbook's US compliance program across government, healthcare, financial services, and other regulated customers — operationalizing framework requirements, preparing for audits and assessments, maintaining audit-quality evidence, and pushing government compliance initiatives forward with urgency.

You'll partner closely with our Director of Security & IT and work cross-functionally with Engineering, Legal, Sales, and Customer Success. This is a hands-on execution role for someone who can translate complex frameworks, regulations, and customer requirements into practical internal processes that keep Spellbook moving quickly and responsibly.

RESPONSIBILITIES

• Implement and maintain US compliance program initiatives across government, healthcare, financial services, and enterprise SaaS customer requirements.

• Drive readiness, implementation, and ongoing maintenance for frameworks such as TX-RAMP, GovRAMP, FedRAMP, HIPAA, SOC 2, and other security or privacy compliance obligations.

• Manage compliance operations in platforms like Vanta — evidence collection, control monitoring, policy tracking, vendor documentation, employee compliance tasks, and audit-readiness workflows.

• Coordinate with external auditors, assessors, consultants, legal advisors, and certification bodies through every phase of an engagement.

• Lead government compliance initiatives, including control mapping, gap assessments, documentation packages, system descriptions, policy updates, and customer-facing compliance responses.

• Maintain compliance artifacts including policies, procedures, risk registers, control narratives, system inventories, access reviews, training records, and audit evidence.

• Track regulatory, framework, and customer requirement changes and translate them into practical updates to internal controls and workflows.

• Partner with Sales and Customer Success on security questionnaires, public sector procurement requirements, and regulated customer due diligence.

• Define repeatable compliance workflows for intake, triage, ownership, escalation, documentation, reporting, and remediation.

• Use AI, automation, and compliance tooling to reduce manual work, improve evidence quality, and accelerate program execution.

• Support with other responsibilities and projects as required.
QUALIFICATIONS

• Experience in compliance, security assurance, GRC, audit, risk management, privacy, or a related function — ideally supporting a SaaS, cloud, AI, legaltech, fintech, healthtech, or public sector environment.

• Familiarity with security and compliance frameworks such as SOC 2, ISO 27001, NIST 800-53, NIST CSF, HIPAA, FedRAMP, TX-RAMP, or GovRAMP.

• Hands-on experience collecting audit evidence, maintaining control documentation, tracking remediation, and supporting internal or external assessments.

• Experience using compliance automation or GRC platforms such as Vanta, Linear, or similar tools.

• Strong ability to read framework requirements, customer obligations, and regulatory guidance and convert them into actionable project plans.

• Experience partnering with technical teams to understand systems, access controls, data flows, infrastructure, cloud environments, and security control implementation.

• Excellent written and verbal communication skills, with the ability to explain compliance requirements in plain English to technical, legal, business, and executive audiences.

• Highly organized and comfortable managing multiple compliance workstreams, deadlines, audits, and stakeholder dependencies at the same time.

• Pragmatic at distinguishing high-priority compliance risks from lower-impact administrative issues, and able to move with urgency in ambiguous environments.

• US Citizenship and a non-expired US Passport or state-issued REAL ID driver's license.
NICE TO HAVES

• Experience supporting or implementing TX-RAMP, GovRAMP, FedRAMP, or other public sector cloud compliance initiatives.

• Experience with HIPAA compliance, healthcare customer requirements, BAAs, ePHI safeguards, or healthcare security assessments.

• Direct experience working with 3PAOs, external auditors, government assessors, or public sector procurement teams.

• Experience with NIST 800-53 control mapping, SSPs, POA&Ms, continuous monitoring, authorization boundaries, customer responsibility matrices, or audit evidence packages.

• Certifications such as CISA, CRISC, CISM, CISSP, CCSK, ISO 27001 Lead Implementer/Auditor, CIPP/US, or similar.

WHY JOIN SPELLBOOK?

• Embrace autonomy and accountability in a flexible work environment; we focus on outcomes and empower you to determine how to get the job done

• Access our company-paid group benefits for you and your family, with $1,000 towards mental health support

• Disconnect during our holiday closure and take advantage of our generous time off policies throughout the year

• Enjoy monthly paid meals, an annual wellness allowance to support your well-being, and parental leave top-ups as your family grows

• Secure your stake in our success; you’ll receive competitive stock option grants as a pivotal early employee

Inclusive Hiring at Spellbook

We are committed to creating an inclusive and supportive candidate experience. Should you require any accommodation whatsoever during the interview process, please inform us without any hesitation. Spellbook is dedicated to ensuring equal treatment and opportunity in all phases of recruitment, selection, and employment, in compliance with employment law. We do not discriminate based on gender, race, religion, national origin, ethnicity, disability, gender identity/expression, sexual orientation, veteran or military status, or any other protected category. Spellbook is proud to be an equal opportunity employer, fostering a culture of inclusivity and maintaining a work environment that is free from discrimination, harassment, and retaliation.

Use of Artificial Intelligence in Recruitment

Spellbook uses artificial intelligence (AI) responsibly to support administrative and efficiency-focused aspects of our recruitment process. This includes activities such as drafting job descriptions, generating interview questions, note-taking and recordings, and supporting sourcing and scheduling workflows. All candidate evaluations, interviews, and hiring decisions are made by members of the Spellbook team. While AI tools may assist with screening and assessment, they do not replace human judgment in selection decisions. Our use of AI is intended to streamline routine tasks, improve consistency, and enhance the overall candidate experience. We are committed to upholding principles of fairness, transparency, and accountability in all hiring activities. Spellbook regularly reviews its recruitment practices to mitigate bias and to ensure alignment with applicable laws and evolving best practices.

Our Compensation Philosophy

Spellbook uses industry benchmark data to establish compensation bands for all roles. The salary range listed for a position reflects the expected total wage range for the role—including base salary and on-target commissions, where applicable—and may span multiple career levels. Final compensation is determined during the interview process based on factors such as experience, skills, scope, and role level. In addition to base salary and applicable commissions, total rewards may include equity, health and wellness benefits, and other company programs. Full details will be shared during the interview process.

The Company
HQ: Toronto, Ontario
68 Employees
Year Founded: 2018

What We Do

The AI Copilot for transactional lawyers, used by 1,700+ legal teams to review 1 million+ contracts per year
