Job Specifications
This is a fantastic opportunity to join Luminance, the pioneer of Legal-Grade™ AI for enterprise. Backed by internationally renowned VCs and named in both the Forbes AI 50 list of 'Most Promising Private AI Companies in the World' and Inc. 5000's 'Fastest Growing Companies in America', Luminance is disrupting the legal profession around the globe.
Luminance is seeking a hands-on Compliance Analyst to support the operation and continuous improvement of our information security compliance programmes, including ISO/IEC 27001:2022, SOC 2 (Type I & II), and CMMC Level 1.
This role is responsible for maintaining audit defensibility while ensuring compliance processes are proportionate, scalable, and aligned with business growth. The successful candidate will work closely with Security, Procurement, Legal, and Engineering teams to embed structured, pragmatic, and repeatable compliance practices across the organisation.
Responsibilities
Compliance Programme Management
Maintain and operate the ISO/IEC 27001:2022 ISMS
Support ongoing SOC 2 (Type II) and CMMC Level 1 compliance programmes
Manage compliance calendars, testing cycles, and control monitoring activities
Coordinate external audits (ISO surveillance/recertification, SOC 2, CMMC)
Control Monitoring & Evidence Management
Perform periodic control checks and collect, validate, and organise audit evidence
Track nonconformities, findings, and corrective actions through to closure
Escalate material control gaps or risks to the Information Security Manager
Third-Party Risk & Supplier Due Diligence
Define and operate a proportionate, tiered supplier due diligence model
Work with Procurement to ensure appropriate questionnaires and documentation are issued and completed
Perform contextual risk assessments and provide compliance sign-off
Partner with Legal where contractual or regulatory review is required
Process Design & Scalability
Formalise structured, repeatable compliance workflows that scale with business growth
Identify opportunities to reduce manual effort through automation or process improvement
Maintain and evolve the risk register and remediation tracking processes
Support awareness and training initiatives to improve organisational compliance maturity
Requirements
Demonstrable experience in information security compliance, IT audit, or Governance, Risk & Compliance (GRC)
Working knowledge of ISO/IEC 27001:2022 and/or SOC 2 Trust Services Criteria
Experience supporting audits and managing evidence collection
Strong organisational, documentation, and stakeholder coordination skills
Ability to interpret regulatory and control requirements and translate them into practical business processes
Excellent written and verbal communication skills
Desirable (but Not Essential)
ISO 27001 Internal Auditor certification
Experience in SaaS or cloud-based environments
Familiarity with CMMC and NIST SP 800 frameworks
Working knowledge of risk management frameworks (ISO 31000, NIST RMF, FAIR)
Experience with GRC platforms (e.g., Drata, Vanta, Secureframe)
Exposure to AWS security controls
About the Company
Luminance is the pioneer in Legal-Grade™ AI for enterprise. Using a mixture-of-experts approach, known as the "Panel of Judges", Luminance brings specialist AI to every touchpoint a business has with its contracts, from generation to negotiation and post-execution analysis.
Developed by AI experts from the University of Cambridge, Luminance's technology is trusted by 700+ customers in 70+ countries, from AMD and the LG Group to Hitachi, BBC Studios and Staples.
The company closed a $75 million Series C in early 2025 ...