legal
Posted Jun 2Compliance Analyst
at Aiven
Helsinki, FinlandHybrid
Responsibilities
- Maintain and improve our answer library so common questions are easy to answer consistently.
Requirements
- experience (including internships, co-ops, or hands-on coursework) in compliance, internal audit, GRC, IT audit, information security, or a closely related field.
- Familiarity with at least one major compliance framework — SOC 2, ISO 27001, PCI DSS, or GDPR — gained through study, certification, or hands-on work.
- Comfort working in a cloud-first environment (AWS, GCP, or Azure exposure is a plus, not a requirement).
- Interest in using scripting, automation, or AI tooling (e.g., Python, basic SQL, no-code/low-code platforms, or modern AI assistants) to make repetitive evidence and questionnaire work less repetitive.
Benefits
- Bonus: exposure to GRC platforms, questionnaire tooling, or relevant professional certifications in security, audit, or compliance.
- benefits are designed to help you thrive and grow, personally and professionally: Participate in Aiven’s equity plan.
- Inquire about our Global Time Off Commitment (Parental and Sick Leave, as well as Personal Time) Enjoy country-specific benefits for our global cast.
- This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, transfer, leaves of absence, compensation, training and any other terms and conditions related to employment.
Contact
- At Aiven, all of our emails relating to recruitment come from an @aiven.io, @greenhouse.io or @eu.greenhouse.io domain and all of our interviews are conducted by video call or in person.
- If you’re unsure of the legitimacy of a job opportunity/offer pertaining to Aiven, please don’t hesitate to reach out to us at recruitment@aiven.io.
- There is an option to request a discussion in the application process but if you have any questions before applying please write to us at recruitment@aiven.io .
Additional details
- Help teams meet controls without slowing them down.
- Policy and Documentation Hygiene: Assist with reviewing, updating, and version-controlling security and compliance policies, standards, and procedures.
- Third-Party Risk and Due Diligence: Material and Critical Third Parties: Help maintain Aiven’s inventory of material and critical third-party providers, ensuring each has a current risk profile and the right level of oversight.
- Ongoing Due Diligence: Run recurring due diligence on key vendors and sub-processors — collecting and reviewing SOC 2 reports, ISO certifications, security questionnaires, and other assurance artifacts; flagging gaps for senior review.
- Vendor Lifecycle Support: Partner with procurement, legal, and security on intake of new vendors and on periodic re-assessments, contract review checkpoints, and offboarding.
- Customer Trust and Questionnaires: Security Questionnaires: Respond to customer and prospect security and compliance questionnaires accurately and on time.
- Trust Center Support: Help keep customer-facing artifacts (compliance reports, certifications, sub-processor lists, FAQs) accurate and current.
- Cross-functional Liaison: Partner with Sales, Legal, and Security engineering to escalate complex questions and unblock customer deals.
- Strong attention to detail and a disciplined, organized approach to tracking evidence, deadlines, and follow-ups.
- Comfortable navigating ambiguity, asking good questions, and learning quickly from senior team members.