Mytra

Senior Risk and Compliance Analyst

About Mytra:

We’re creating an entirely new way to solve the most ubiquitous problem in industry - moving and storing material. We’re applying robotics and distributed software to create a new class of product for this $1T market. We’re focused on the supply chain industry first. The industry is in a massive bind with the continued growth of e-commerce, sharp rise in costs, and supply chain disruptions. What has been a “sleepy” industry for decades is now at the epicenter of sustaining the global economy.


About the Role:

As a Senior Risk and Compliance Analyst at Mytra, you will join the Security team during a critical period of growth, customer expansion, and security program maturation. Our team is building the operational foundation for scalable security governance, SOC 2 and ISO 27001 readiness, customer trust, vendor risk management, and transparent execution across company-wide security initiatives.

The ideal candidate is developing professional expertise in risk and compliance, can apply company policies and defined procedures to a variety of security and compliance issues, and can manage moderate-scope work with judgment, organization, and clear escalation. You will work closely with internal stakeholders, external auditors, vendors, customers, and the Security Committee to keep security work moving, organized, and visible.


What you’ll do:

  • Serve as the primary operational liaison between Mytra and external security certification auditors for SOC 2 and ISO 27001, helping coordinate requests, timelines, evidence packages, and follow-ups
  • Own audit evidence collection workflows, including gathering evidence from internal teams, checking evidence quality, organizing materials, tracking status, and delivering complete packages to auditors
  • Manage Security Committee operations, including pre-read material distribution, real-time meeting notes, committee organization tooling, recurring security activity tracking, and follow-through on personal and distributed tasks
  • Serve as co-admin / co-owner of Mytra’s Vanta GRC platform, helping maintain system organization, evidence workflows, control mappings, user access coordination, and audit readiness activities
  • Maintain transparency across security-related work by communicating tasks, risks, status, decisions, and updates to the Security team, Security Committee, and broader company audiences as appropriate
  • Track major security initiatives and help ensure they remain on schedule by maintaining clear workback plans, surfacing blockers early, and coordinating with owners across functions
  • Perform third-party security reviews for prospective vendor partners, including intake, questionnaire review, evidence assessment, risk documentation, and recommendation preparation
  • Support customer security reviews for prospective and existing customers by coordinating responses, collecting accurate information, managing review artifacts, and helping ensure timely completion
  • Manage recurring security policy updates so policies remain current, accurate, and aligned with company standards, security commitments, and evolving compliance needs
  • Interview Mytra staff to understand real operating procedures, document pertinent processes, and integrate those procedures into the security policy and procedure stack
  • Research potential new security tooling, compare options across multiple vendors, and provide clear summaries of tradeoffs, costs, risks, implementation considerations, and recommendations
  • Schedule and coordinate security-related meetings with internal and external stakeholders, ensuring the right people, materials, context, and follow-ups are in place

Ideal Candidates:

  • Have experience in security, compliance, risk management, GRC, audit readiness, vendor risk, customer security reviews, or a related operational role
  • Understand the basics of SOC 2, ISO 27001, security policies, audit evidence, control ownership, and compliance documentation, with a desire to deepen expertise over time
  • Are highly organized and can manage multiple recurring activities, deadlines, requests, meetings, and follow-ups without losing details
  • Communicate clearly and proactively with internal teams, external auditors, vendors, and customers, translating security and compliance needs into practical next steps
  • Exercise sound judgment within defined procedures and know when to escalate ambiguity, risk, blockers, or decisions that require security leadership input
  • Build productive working relationships across functions and are comfortable interviewing staff, asking precise questions, and turning operational knowledge into clear written procedures
  • Are detail-oriented and quality-minded, especially when reviewing evidence, updating policies, preparing auditor materials, or responding to customer and vendor security requests
  • Are comfortable operating in a fast-paced startup environment where processes are evolving and strong documentation, ownership, and follow-through matter
  • Have strong written communication skills and can produce clear, structured documentation for policies, procedures, meeting notes, task trackers, review summaries, and decision records
  • Demonstrate a collaborative, team-first mindset with the confidence to ask questions, raise concerns early, and help create visibility across the security program

Nice to have:

  • Experience supporting SOC 2, ISO 27001, or similar security certification programs
  • Familiarity with GRC tools, ticketing systems, knowledge bases, vendor review platforms, or audit evidence management workflows
  • Experience coordinating committees, governance forums, recurring compliance activities, or cross-functional operating cadences
  • Prior exposure to customer security questionnaires, vendor due diligence, risk registers, control testing, or policy lifecycle management
  • Experience researching and comparing security tools across multiple vendors and presenting practical recommendations to technical and non-technical stakeholders
  • Interest in robotics, industrial automation, hardware/software systems, supply chain technology, or security for complex electro-mechanical systems


A Final Note:

If this role excites you, we encourage you to apply — even if you don’t check every box. At Mytra, we build bots, but we hire humans. We value thoughtful challengers who communicate with clarity and respect, and we’re lifelong learners committed to getting better every day. We move fast, learn faster, and show up for each other under pressure. The best outcomes come from diverse perspectives working together to build something meaningful and built to last.


Benefits Include:

  • Competitive compensation and equity grants at a high-growth company backed by top-tier VCs
  • Fully subsidized health coverage, including medical (baseline plans), dental, and vision for employees and dependents
  • 401(k) plans and employer-subsidized life insurance
  • Fully subsidized lunch and snacks at HQ—we eat and share stories together at the “long” table
  • Generous PTO and company-paid holidays, including one week over the winter break so everyone can recharge together
  • Voluntary pet insurance, Voluntary Life Insurance, Accident, Critical Illness, and Hospital Indemnity
  • Fully subsidized tax advisory services and education to help you understand your equity
  • Commuter benefits, including a up to $150 monthly commuter benefit
  • Lively, modern combined office and lab space where we rapidly iterate through design, build, and test phases
  • Fully equipped onsite gym and showers at headquarters


Pay Notice:

Compensation for this position will be set based on the candidate's experience level and location. The posted salary band is applicable only to the San Francisco Bay Area and is subject to change.

This role requires on-site presence at our Brisbane, CA headquarters, for close collaboration with the other teams.

The pay range for this role is:

145,000 - 160,000 USD per year (Mytra, Inc.)

G&A

Brisbane, CA

Share on:

Terms of servicePrivacyCookiesPowered by Rippling