Compliance Analyst - Aiven - Helsingfors, Finland

We’re a global team of over 400 people, working together to push the boundaries of open-source technology and multi-cloud solutions. Our vision is to help developers, builders, and creators bring their ideas to life with speed and simplicity, by providing a cloud data platform that makes open-source databases, search, streaming, and application infrastructure easily accessible to everyone. The Role: We are seeking a proactive and detail-oriented Compliance Analyst to join our Security & Compliance team. This is an ideal opportunity for someone early in their career who wants to build a foundation in cloud compliance, audit, and customer trust, or someone at an intermediate level looking for a change. You’ll work alongside experienced compliance engineers and auditors to keep Aiven’s certifications healthy, support our internal teams in following sound processes, and help our customers get the assurance they need to trust us with their data. What You’ll Do: This role spans evidence operations, audit support, third-party oversight, and customer-facing trust work: - Evidence Gathering: Partner with engineering, IT, People Operations, and other stakeholders to collect, organize, and validate evidence required for SOC 2, ISO 27001, PCI DSS, and GDPR/privacy programs. - Auditor Coordination: Act as a day-to-day point of contact for external auditors during fieldwork — fulfilling sample requests, walking through controls, and tracking open items to closure. - Continuous Compliance: Maintain control evidence in our GRC tooling on an ongoing basis so audits aren’t a fire drill. Flag drift or expiring evidence early. - Internal Audit Activities: Assist with internal control testing, sampling, and walkthroughs across the year. Document findings clearly and track remediation with control owners. - Process Partnership: Work with internal teams (engineering, IT, People Operations, vendor management) to translate compliance requirements into pragmatic, day-to-day process. Help teams meet controls without slowing them down. - Policy and Documentation Hygiene: Assist with reviewing, updating, and version-controlling security and compliance policies, standards, and procedures. - Material and Critical Third Parties: Help maintain Aiven’s inventory of material and critical third-party providers, ensuring each has a current risk profile and the right level of oversight. - Ongoing Due Diligence: Run recurring due diligence on key vendors and sub-processors — collecting and reviewing SOC 2 reports, ISO certifications, security questionnaires, and other assurance artifacts; flagging gaps for senior review. - Vendor Lifecycle Support: Partner with procurement, legal, and security on intake of new vendors and on periodic re-assessments, contract review checkpoints, and offboarding. - Security Questionnaires: Respond to customer and prospect security and compliance questionnaires accurately and on time. Maintain and improve our answer library so common questions are easy to answer consistently. - Trust Center Support: Help keep customer-facing artifacts (compliance reports, certifications, sub-processor lists, FAQs) accurate and current. - Cross-functional Liaison: Partner with Sales, Legal, and Security engineering to escalate complex questions and unblock customer deals. What We’re Looking For: - Up to 2 years of experience (including internships, co-ops, or hands-on coursework) in compliance, internal audit, GRC, IT audit, information security, or a closely related field. - Familiarity with at least one major compliance framework — SOC 2, ISO 27001, PCI DSS, or GDPR — gained through study, certification, or hands-on work. - Strong attention to detail and a disciplined, organized approach to tracking evidence, deadlines, and follow-ups. - Comfortable navigating ambiguity, asking good questions, and learning quickly from senior team members. - Excellent written and verbal communication — you can explain a control to an engineer and an audit finding to a manager without losing either of them. - Comfort working in a cloud-first environment (AWS, GCP, or Azure exposure is a plus, not a requirement). - Interest in using scripting, automation, or AI tooling (e.g., Python, basic SQL, no-code/low-code platforms, or modern AI assistants) to make repetitive evidence and questionnaire work less repetitive. - Bonus: exposure to GRC platforms, questionnaire tooling, or relevant professional certifications in security, audit, or compliance. Amazing! What’s next: If you think Aiven is the place for you and that our Values align with yours, send us your resume and we’ll get in touch!