Senior Compliance Analyst

About Us

Canopy is a fast-growing SaaS company in South Jordan, Utah building simple, efficient software for accounting firms. We are looking to revolutionize the accounting space with modern, user-friendly software for a neglected industry. Our goal is to help our clients unlock the firm they've always wanted with our Practice Management Suite. We place strong emphasis on delighting our customers, spotting and solving problems, and being good people along the way.

Check out why our clients love Canopy. Interested in learning more about Canopy & the industry? Check out our blog here where you can find great information on our product features, industry news, practice management, and more!

Canopy is expanding our security and compliance program, and we re looking for a Senior Compliance Analyst to own and elevate our compliance initiatives as we scale. This is a high-impact role where you ll take ownership of our SOC 2 program and its expansion, build and maintain our Trust Center, and establish the policies and frameworks that enable secure, compliant growth.

You ll be our first dedicated compliance hire, working closely with our Security and Dev Ops teams to transition compliance ownership from an ad-hoc, team-distributed model to a structured, scalable program. This role is perfect for someone who loves building systems from the ground up, can balance strategic thinking with hands-on execution, and thrives in a collaborative, fast-moving environment.

This can be a hybrid position in South Jordan, Utah (M, W, F in-office) or fully remote based from Utah.

Compliance Program Ownership (30%)

• Lead the expansion of our SOC 2 audit scope to include all Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, and Privacy)
• Own and manage our compliance roadmap, ensuring we re continuously audit-ready
• Coordinate and manage SOC 2 audits, including evidence gathering, auditor communication, and remediation tracking
• Implement and maintain our Trust Center, making our security posture transparent and accessible to customers
• Serve as the primary point of contact for customer security questionnaires and assessments

Policy & Documentation Management (25%)

• Create, refine, and maintain comprehensive security and compliance policies, such as:
• Acceptable Use Policy
• Software Approval Policy
• AI Use Policy
• Incident Response Plan
• Data Retention, Access, and Classification policies
• Email Communication Policy
• Business Continuity Plans
• Ensure policies are practical, enforceable, and aligned with industry frameworks and regulatory requirements
• Develop clear, accessible documentation that empowers teams to understand and follow security best practices
• Partner with Legal, HR, and other departments to ensure policies are comprehensive and cross-functional

Risk & Vendor Management (20%)

• Own and maintain our risk register, conducting regular risk assessments and tracking mitigation efforts
• Lead third-party vendor security reviews and risk assessments
• Maintain detailed knowledge of what data exists in every third-party tool and who has access
• Track and manage vendor compliance documentation (SOC 2 reports, security attestations, etc.)
• Work with Procurement and Engineering to ensure vendors meet our security standards

Technical Control Implementation (15%)

• Implement security controls across our infrastructure and applications in collaboration with Security Engineers
• Work with the team to automate evidence collection and compliance monitoring using tools like Drata and Datadog
• Conduct internal reviews of audit controls to ensure they remain effective and up-to-date
• Identify gaps in our security posture and design solutions to address them
• Evaluate and implement new compliance and security tooling as needed

Cross-Functional Collaboration (10%)

• Partner with Engineering, Product, HR, Legal, and Sales to ensure compliance requirements are understood and met
• Ensure control owners across the organization complete their compliance tasks on schedule
• Provide training and guidance to teams on security and compliance best practices
• Serve as a trusted advisor to leadership on compliance strategy and risk posture

• 6+ years of experience in security compliance, with at least 2 years owning or leading SOC 2 audits
• Deep understanding of SOC 2 Trust Services Criteria and how to implement effective controls
• Proven experience building or scaling compliance programs at a SaaS or technology company
• Excellent policy writing skills with the ability to translate complex requirements into clear, actionable documentation
• Strong technical foundation with the ability to implement security controls and work effectively with engineering teams
• Experience managing GRC platforms (Drata, Vanta, or similar)
• Outstanding project management skills and ability to coordinate across multiple stakeholders
• Self-starter mentality with the ability to own initiatives from strategy through execution
• Strong ability to translate…