Security Compliance Analyst

About LangChain

At LangChain, our mission is to make intelligent agents ubiquitous. We provide the agent engineering platform and open source frameworks developers need to ship reliable agents fast.

Our open source frameworks, LangChain and LangGraph, see over 90+ million downloads per month and help developers build agents with speed and granular control. LangSmith offers observability, evaluation, and deployment for rapid iteration, enabling teams to transform LLM systems into dependable production experiences.

LangChain is trusted by millions of developers worldwide and powers AI teams at companies like Replit, Clay, Cloudflare, Harvey, Rippling, Vanta, Workday, and more.

About the role

LangChain is hiring a Security Compliance Analyst to help build, operate, and scale our security compliance and customer trust programs. We are looking to hire in person in SF or NY.

This role is highly hands-on and execution-focused. You will work across Security, Engineering, IT, Legal, People, and Product to turn security requirements into real, operating controls. You’ll help shape how we respond to customer security reviews, manage audits, assess vendors, and automate compliance using modern GRC tooling such as Vanta.

This role is well-suited for someone who enjoys building processes, working through ambiguity, and collaborating closely with a wide range of stakeholders to get things done.

• Build, maintain, and continuously improve responses to customer security questionnaires , RFPs, and trust reviews in partnership with Security, Engineering, Legal, and Product teams.
• Support the design, execution, and ongoing operation of SOC 2 and ISO 27001 compliance programs, including evidence collection, remediation tracking, and audit coordination.
• Configure, operate, and improve GRC automation using tools like Vanta , focusing on continuous evidence collection and minimizing manual compliance work.
• Assist with the implementation of new security and privacy frameworks , including scoping requirements, mapping controls, and helping operationalize them across the organization.
• Support privacy compliance efforts (e.g., GDPR, CCPA ) by maintaining documentation, tracking requirements, and partnering with Legal and Engineering on operational controls.
• Work with Engineering, IT, and Security to make compliance a natural part of system design and operation , rather than a separate or manual process.
• Identify control and evidence gaps and actively drive follow-ups with responsible teams to resolution.
• Support the development and operation of a third-party risk management process, including vendor intake, security assessments, and ongoing reviews.
• Partner with Legal, IT, Procurement, and Product during vendor onboarding and renewals to ensure security requirements are clearly understood and met.
• Help draft, maintain, and evolve security policies, standards, and procedures so they are practical, clear, and aligned with how teams actually work.
• Assist with tracking security and compliance risks in a centralized risk register and supporting remediation efforts.
• Contribute to building repeatable, scalable processes that improve audit readiness and customer trust as LangChain grows.

How to be successful in this role

• 3+ years of professional experience in security compliance, GRC, risk management, privacy operations, or a closely related role.
• Experience in either:
  • a high-growth startup environment , or
  • a consulting, audit, or assurance environment (e.g., Big 4), with exposure to multiple clients, systems, or stakeholders.
• Hands-on experience supporting or performing audits for SOC 2 and/or ISO 27001 , including evidence review, control validation, and remediation tracking.
• Experience responding to customer security questionnaires , due-diligence requests, or trust reviews.
• Familiarity with GRC platforms such as Vanta, Drata, Secureframe, or AuditBoard , with an interest in automation-first compliance.
• Working understanding of cloud environments (AWS, GCP, or Azure), including access controls, encryption, and logging concepts.
• Exposure to privacy requirements such as GDPR, CCPA , or similar regulations, and experience supporting privacy-related controls or documentation.
• Strong organizational and follow-through skills, with the ability to manage multiple workstreams across many teams.
• Clear written and verbal communication skills, especially when explaining security or compliance concepts.
• Comfortable operating in a fast-moving environment and taking initiative to build or improve processes.

Bonus:

• Experience implementing or expanding new compliance or privacy frameworks beyond SOC 2.
• Experience improving GRC workflows through automation, APIs, or tooling integrations .
• Prior experience in a SaaS, cloud-native, developer-focused, or AI/ML-driven company.
• Familiarity with NIST CSF, CIS Controls, HIPAA , or Data Privacy Framework concepts.
• Relevant certifications such as CISA, CISSP, or ISO 27001 Foundation/Implementer .

Compensation & Benefits

• We offer competitive compensation that includes base salary, meaningful equity, and benefits such as health and dental coverage, flexible vacation, a 401(k) plan, and life insurance. Actual compensation will vary based on role, level, and location. For team members in the EU and UK, we provide locally competitive benefits aligned with regional norms and regulations.
• Annual salary range: $150,000-$185,000 USD