Compliance Analyst

This is a fantastic opportunity to join Luminance, the pioneer of Legal-Grade™ AI for enterprise. Backed by internationally renowned VCs and named in both the Forbes AI 50 list of ‘Most Promising Private AI Companies in the World’ and Inc. 5000’s ‘Fastest Growing Companies in America’, Luminance is disrupting the legal profession around the globe.

Luminance is seeking a hands-on Compliance Analyst to support the operation and continuous improvement of our information security compliance programmes, including ISO/IEC 27001:2022, SOC 2 (Type I & II), and CMMC Level 1.

This role is responsible for maintaining audit defensibility while ensuring compliance processes are proportionate, scalable, and aligned with business growth. The successful candidate will work closely with Security, Procurement, Legal, and Engineering teams to embed structured, pragmatic, and repeatable compliance practices across the organisation.

Responsibilities

Compliance Programme Management

• Maintain and operate the ISO/IEC 27001:2022 ISMS.
• Support ongoing SOC 2 (Type II) and CMMC Level 1 compliance programmes.
• Manage compliance calendars, testing cycles, and control monitoring activities.
• Coordinate external audits (ISO surveillance/recertification, SOC 2, CMMC).

Control Monitoring & Evidence Management

• Perform periodic control checks and collect, validate, and organise audit evidence.
• Track nonconformities, findings, and corrective actions through to closure.
• Escalate material control gaps or risks to the Information Security Manager.

Third-Party Risk & Supplier Due Diligence

• Define and operate a proportionate, tiered supplier due diligence model.
• Work with Procurement to ensure appropriate questionnaires and documentation are issued and completed.
• Perform contextual risk assessments and provide compliance sign-off.
• Partner with Legal where contractual or regulatory review is required.

Process Design & Scalability

• Formalise structured, repeatable compliance workflows that scale with business growth.
• Identify opportunities to reduce manual effort through automation or process improvement.
• Maintain and evolve the risk register and remediation tracking processes.
• Support awareness and training initiatives to improve organisational compliance maturity.

• Demonstrable experience in information security compliance, IT audit, or Governance, Risk & Compliance (GRC).

• Working knowledge of ISO/IEC 27001:2022 and/or SOC 2 Trust Services Criteria.
• Experience supporting audits and managing evidence collection.
• Strong organisational, documentation, and stakeholder coordination skills.
• Ability to interpret regulatory and control requirements and translate them into practical business processes.
• Excellent written and verbal communication skills.

Desirable (but not essential)

• ISO 27001 Internal Auditor certification.
• Experience in SaaS or cloud-based environments.
• Familiarity with CMMC and NIST SP 800 frameworks.
• Working knowledge of risk management frameworks (ISO 31000, NIST RMF, FAIR).
• Experience with GRC platforms (e.g., Drata, Vanta, Secureframe).
• Exposure to AWS security controls.