About XBOWAt XBOW, we’re redefining the future of cybersecurity by building the world's first autonomous pentester, powered by AI. Today, the gold standard for securing software systems is human pentesters, but with the rise of artificial intelligence, we’re stepping up to scale offensive security to meet the ever-growing demand.AI is transforming the landscape of both cybersecurity and cyberattacks. While millions of people without security expertise are creating software, bad actors are using AI to launch more effective attacks. XBOW fights back with AI-driven superpowers, enabling security teams to stay one step ahead.What makes XBOW truly unique? Like human experts, it forges creative attacks, adapts its learnings, and continuously works to find vulnerabilities faster than anyone ever could. We’re not only simulating threats—we’re also finding and responsibly disclosing real-world vulnerabilities, ensuring organizations can fix issues before they’re exploited. XBOW isn’t just a tool; it’s a transformative force in the secure development lifecycle.Backed by Sequoia Capital and a team that includes the creators of GitHub Copilot and GitHub Advanced Security, XBOW is not just keeping up with the times—we’re shaping the future of cybersecurity. Our mission is simple: to defeat the bad actors before they strike, using AI to revolutionize how we approach offensive security.We’re building something that must be built, and we’re the team to do it. Join us in shaping the next frontier of autonomous security.Your Role: Information Security Analyst, GRCWe’re looking for a detail-oriented, Governance, Risk & Compliance Analyst to help scale our security and trust function as we grow. In this role, you’ll play a key part in supporting customer and prospect security reviews, assessing third-party vendor risk, and continuously improving how we identify and manage risk across the business.This is an individual contributor role with no initial people-management responsibilities. However, as the risk and compliance function matures, there is a clear opportunity for this role to grow in scope and responsibility.You’ll work closely with Security, Engineering, Legal, Sales, and Customer teams, acting as a trusted partner in communicating our security posture and ensuring we meet customer and regulatory expectations.What You'll DoSupport customers and prospects by completing technical security questionnaires, risk assessments, and due-diligence requestsPartner with Sales and Customer teams to explain XBOW’s security controls, architecture, and compliance postureAssess and manage third-party and vendor security risk, including reviews of SaaS providers and service partnersHelp maintain and improve risk assessment frameworks, methodologies, and documentationTrack and support remediation of identified risks in collaboration with internal stakeholdersContribute to compliance initiatives aligned with frameworks such as SOC 2 and ISO 27001Maintain clear, well-structured risk registers, policies, and supporting evidenceCoordinate risk management sessions and processesIdentify opportunities to streamline and automate risk and compliance processes as the company scalesSupport audits, customer reviews, and internal assurance activities as neededWho You Are3–5+ years of experience in risk, compliance, security assurance, or related rolesHands-on experience completing or reviewing technical security questionnaires and customer risk assessmentsFamiliarity and experience with common security and compliance frameworks (e.g. SOC 2, ISO 27001, NIST, FedRAMP)Comfortable assessing technical controls and working with engineers to understand system architectureExperience conducting or supporting vendor / third-party risk assessmentsStrong written communication skills, with the ability to explain complex security concepts clearlyHighly organized and detail-oriented, with a pragmatic approach to riskComfortable working in a fast-moving, remote-first startup environmentBonus PointsExperience working in a SaaS or security-focused companySecurity or risk certifications (e.g. CRISC, SOC2, ISO 27001 Lead Implementer, FedRAMP)Experience supporting a company through audit readiness or first-time compliance effortsWhat We OfferCompensation & Equity: Competitive salary and meaningful stock options.Growth: Opportunity to learn from and collaborate with top security and AI expertsImpact: Work on complex technical challenges that support the foundation of our companyRemote-First:Work from anywhere, with regular opportunities to meet in personWhat Else You Should KnowLocation: Remote US East Coast preferred (all team members are remote but we meet regularly and you’re supported to travel to collaborate with colleagues in person)Contract: Full-time.Hiring Process:Talent IntroductionHM InterviewSecurity Knowledge InterviewWe’d provide you some information live, and then ask you to analyze the information and provide a response from a security lens.Final Interview as neededWe’re a security company that builds with AI at the core - so you’ll be protecting a team that moves fast, iterates aggressively, and lives in the command line. If that sounds like your kind of environment, let’s talk.