Key skills
SQLSaaSCommunication
About this role
Role Overview
- Participates in maintaining and evolving the compliance program framework, including designing and developing policies, standards, and procedures.
- Facilitates and performs 2nd Line of Defense control testing and validation
- Facilitates compliance operations including User Access Reviews, Due Diligence Questionnaires, and Issues Management.
- Consults with cross-functional and security teams to implement policies and procedures as well as assess data privacy and security risks, to mitigate potential compliance issues.
- Contributes to the maintenance and continuous improvement of the overall security compliance posture of AuditBoard.
- Interfaces and collaborates with security and legal teams on compliance issues
- Participates in security compliance assessments
- Assists in providing responses to customer and vendor questionnaires
- Facilitates training, awareness, and communication of security and compliance matters across AuditBoard;
- Participates in developing and delivering training programs on security awareness, data handling/protection, and privacy.
Requirements
- 3+ years of experience as a security compliance professional with an in-depth understanding of control objectives, procedures, compliance gap assessments, and evidence collection covering ISO 27001 / 27002, NIST CSF, NIST 800-53, CMMC / NIST 800-171, SOC1 / SOC2, FedRAMP, and common industry standards.
- Experience in a B2B SaaS organization
- Knowledge and experience with compliance automation tooling and practices / SQL.
- Bachelor's degree
- Ability and desire to learn new technologies and data flows quickly to help assess security risks and develop appropriate risk mitigation elements
- Ability to translate and distill laws and regulatory requirements and legal advice into operational control procedures and policies and provide practical guidance to business units and functions on those requirements
- Ability to collect, describe, and display technical information in a way to help decision-making
- Experience in collaborating among cross-functional and global teams with the ability to drive and manage multiple simultaneous projects
- Experience developing security and ELC controls and communicating them to business stakeholders.
- Excellent verbal and written communication skills
- Relevant privacy and security certifications such as CISSP, CISM, CISA.
Tech Stack
- SQL
Benefits
- $200/mo for anything that enhances your life
- Comprehensive employee health coverage (all locations)
- 401K with match (US) or pension with match (UK)
- Competitive compensation & bonus program
- Flexible Vacation (US exempt & CA) or 25 days (UK)
- Time off for your birthday & volunteering
- Employee resource groups
- Opportunities for team and company-wide get-togethers!