Senior Compliance Analyst – Continuous Monitoring

About the role

We are looking for a proactive Senior Compliance Analyst to join Five9’s global Governance, Risk & Compliance (GRC) team. In this high‑visibility position you will own the Continuous Monitoring program, shape the Common Control Framework and partner with security, engineering and legal teams to ensure regulatory alignment across the organization.

Key responsibilities

• Design, operate and continuously improve the enterprise‑wide Continuous Monitoring (ConMon) program, tracking vulnerabilities, remediation actions and reporting status.
• Conduct recurring control assessments of technical, administrative and operational safeguards and feed findings back into the Common Control Framework.
• Develop and maintain the Common Control Framework, ensuring it meets requirements such as SOC 2, ISO 27001, PCI‑DSS, NIST 800‑53, DORA and C5.
• Manage risk exception and deviation processes, documenting compensating controls and tracking approvals.
• Facilitate compliance syncs with Security, Engineering, IT, Legal and Privacy, driving closure of action items and escalating critical risks.
• Support audit readiness by aligning evidence to controls, updating documentation and coordinating with process owners.
• Maintain core compliance artifacts including policies, SOPs, control narratives, risk registers and corrective action plans.
• Assist with incident response documentation, focusing on compliance impact and reporting obligations.

Required profile

• Detail‑oriented professional with strong analytical skills and the ability to think strategically about compliance processes.
• Experience in governance, risk and compliance within a technology‑focused environment.
• Excellent communication and collaboration skills to work across multiple functional teams.

Required skills

• Knowledge of SOC 2, ISO 27001, PCI‑DSS, NIST 800‑53, DORA and C5 compliance frameworks.
• Experience with continuous monitoring tools and vulnerability management processes.
• Familiarity with risk exception handling and control assessment methodologies.