LangChain
About LangChain
At LangChain, our mission is to make intelligent agents ubiquitous. We provide the agent engineering platform and open source frameworks developers need to ship reliable agents fast.
Our open source frameworks, LangChain and LangGraph, see over 90 million downloads per month and help developers build agents with speed and granular control. LangSmith offers observability, evaluation, and deployment for rapid iteration, enabling teams to transform LLM systems into dependable production experiences.
LangChain is trusted by millions of developers worldwide and powers AI teams at companies like Replit, Clay, Cloudflare, Harvey, Rippling, Vanta, Workday, and more.
About the role
LangChain is hiring a Security Compliance Analyst to help build, operate, and scale our security compliance and customer trust programs. We are looking to hire in person in SF or NY.
This role is highly hands-on and execution-focused. You will work across Security, Engineering, IT, Legal, People, and Product to turn security requirements into real, operating controls. You’ll help shape how we respond to customer security reviews, manage audits, assess vendors, and automate compliance using modern GRC tooling such as Vanta.
This role is well-suited for someone who enjoys building processes, working through ambiguity, and collaborating closely with a wide range of stakeholders to get things done.
Build, maintain, and continuously improve responses to customer security questionnaires, RFPs, and trust reviews in partnership with Security, Engineering, Legal, and Product teams.
Support the design, execution, and ongoing operation of SOC 2 and ISO 27001 compliance programs, including evidence collection, remediation tracking, and audit coordination.
Configure, operate, and improve GRC automation using tools like Vanta, focusing on continuous evidence collection and minimizing manual compliance work.
Assist with the implementation of new security and privacy frameworks, including scoping requirements, mapping controls, and helping operationalize them across the organization.
Support privacy compliance efforts (e.g., GDPR, CCPA) by maintaining documentation, tracking requirements, and partnering with Legal and Engineering on operational controls.
Work with Engineering, IT, and Security to make compliance a natural part of system design and operation, rather than a separate or manual process.
Identify control and evidence gaps and actively drive follow-ups with responsible teams to resolution.
Support the development and operation of a third-party risk management process, including vendor intake, security assessments, and ongoing reviews.
Partner with Legal, IT, Procurement, and Product during vendor onboarding and renewals to ensure security requirements are clearly understood and met.
Help draft, maintain, and evolve security policies, standards, and procedures so they are practical, clear, and aligned with how teams actually work.
Assist with tracking security and compliance risks in a centralized risk register and supporting remediation efforts.
Contribute to building repeatable, scalable processes that improve audit readiness and customer trust as LangChain grows.
How to be successful in this role
3+ years of professional experience in security compliance, GRC, risk management, privacy operations, or a closely related role.
Experience in either a high-growth startup environment, or a consulting, audit, or assurance environment (e.g., Big 4), with exposure to multiple clients, systems, or stakeholders.
Hands-on experience supporting or performing audits for SOC 2 and/or ISO 27001, including evidence review, control validation, and remediation tracking.
Experience responding to customer security questionnaires, due-diligence requests, or trust reviews.
Familiarity with GRC platforms such as Vanta, Drata, Secureframe, or AuditBoard, with an interest in automation-first compliance.
Working understanding of cloud environments (AWS, GCP, or Azure), including access controls, encryption, and logging concepts.
Exposure to privacy requirements such as GDPR, CCPA, or similar regulations, and experience supporting privacy-related controls or documentation.
Strong organizational and follow-through skills, with the ability to manage multiple workstreams across many teams.
Clear written and verbal communication skills, especially when explaining security or compliance concepts.
Comfortable operating in a fast-moving environment and taking initiative to build or improve processes.
Bonus:
Experience implementing or expanding new compliance or privacy frameworks beyond SOC 2.
Experience improving GRC workflows through automation, APIs, or tooling integrations.
Prior experience in a SaaS, cloud-native, developer-focused, or AI/ML-driven company.
Familiarity with NIST CSF, CIS Controls, HIPAA, or Data Privacy Framework concepts.
Relevant certifications such as CISA, CISSP, or ISO 27001 Foundation/Implementer.
Compensation & Benefits
We offer competitive compensation that includes base salary, meaningful equity, and benefits such as health and dental coverage, flexible vacation, a 401(k) plan, and life insurance. Actual compensation will vary based on role, level, and location. For team members in the EU and UK, we provide locally competitive benefits aligned with regional norms and regulations.
Annual salary range: $150,000-$185,000 USD