Regulatory Compliance Associate (Remote - USA)

📋 Description

• • Join Commvault as a Regulatory Compliance Associate and become the linchpin that keeps our fast-growing, cloud-first data management platform on the right side of every regulation—domestic and international. You will own the day-to-day execution of our global compliance program, translating complex statutes, frameworks, and contractual obligations into clear, actionable guidance for engineering, product, sales, and customer success teams.
• • Own the end-to-end compliance lifecycle for SOC 2 Type II, ISO 27001, HIPAA, FedRAMP, GDPR, CCPA, PCI-DSS, and emerging state privacy acts. You will schedule and coordinate external audits, manage evidence repositories, track remediation items, and publish executive-ready dashboards that show real-time posture across every control domain.
• • Serve as the primary point of contact for customer security questionnaires, RFP security schedules, and due-diligence calls. You will craft crisp, accurate responses that shorten sales cycles and reinforce Commvault’s reputation as the most trusted name in data protection.
• • Build and maintain a living policy library that maps every regulatory requirement to internal controls, technical safeguards, and operational procedures. You will run quarterly policy reviews with stakeholders, ensuring that wording stays current as laws, standards, and product features evolve.
• • Design and deliver role-based training that turns abstract compliance concepts into memorable, practical habits. From phishing simulations for all staff to deep-dive sessions for SRE teams on encryption key rotation, your content will reduce risk and foster a culture where security is everyone’s job.
• • Continuously monitor regulatory horizon scanning feeds, legislative bulletins, and industry working groups. You will translate “what-if” scenarios into concrete impact assessments and project plans so Commvault is never caught off-guard by a new rule or ruling.
• • Partner with Legal, Privacy, and Product Counsel to conduct Data Protection Impact Assessments (DPIAs) and Transfer Impact Assessments (TIAs) for new features and cross-border data flows. Your analysis will directly influence product roadmaps and go-to-market strategies.
• • Automate evidence collection and control testing by integrating GRC tools (e.g., Drata, Vanta, Archer) with Jira, GitHub Actions, and AWS Config. You will script lightweight compliance checks that run in CI/CD pipelines, catching drift before it becomes a finding.
• • Lead incident-response tabletop exercises focused on regulatory breach notification timelines. You will draft and maintain breach runbooks that specify who says what, to whom, and within how many hours, ensuring we meet the strictest global deadlines.
• • Champion a risk-based mindset across the organization by publishing monthly “Compliance Corner” newsletters, hosting Ask-Me-Anything sessions, and presenting at our internal engineering guilds. Your voice will turn compliance from a checkbox into a competitive advantage.
• • Track and report on key risk indicators (KRIs) such as open control deficiencies, overdue training, and audit findings aging >30 days. You will present trend analysis to the CISO and Risk Committee, influencing budget and staffing decisions.
• • Contribute to customer-facing whitepapers, trust-center web pages, and conference talks that showcase Commvault’s compliance achievements. Your storytelling will help prospects understand why “compliant by design” is more than a slogan.
• • Mentor junior analysts and interns, building a pipeline of compliance talent that can scale with Commvault’s ambitious growth targets. You will create onboarding checklists, shadowing calendars, and certification roadmaps that accelerate time-to-productivity.
• • Enjoy the freedom of a 100 % remote role with flexible hours, quarterly on-site summits, and a stipend for home-office gear. You will collaborate with colleagues across four time zones while still having the autonomy to structure your day around deep-focus work.