Senior Analyst, Security Compliance

View full description

Requirements:

• 5–7 years in security engineering or technical external audit/advisory, including hands-on experience with industry frameworks (e.g. ISO 27001, SOC 2, PCI DSS, FedRAMP, NIST).
• Strong long-form and asynchronous writing skills for a fully remote, globally distributed team.
• Built and/or made substantial contributions to a common controls framework.
• Knowledge of infrastructure as code, CI/CD, orchestration tools, and private key management.
• Familiarity with security capabilities for major cloud service providers (e.g. AWS, Azure, GCP).
• Ability to white-board architectures and technical process flows.
• Communicate limitations and implementation specifics of technical controls with ease.

Responsibilities:

• Maintain a systems-level understanding of our global, large-scale technology infrastructure.
• Lead technical controls advisory for engineering, security, IT and beyond—keeping our security posture audit-ready and globally compliant across all products and regions.
• Plan and lead ISO 27001:2022, SOC 2 Type II, PCI DSS v4, SOX assessments with external assessors and regulators globally.
• Develop and sustain expert-level knowledge on regulations impacting Security, IT, Engineering
• Prepare the program for emerging frameworks and new products or jurisdictions without slowing product velocity.
• Write, update and enact policies and procedures capturing security requirements.
• Design and deploy AI-powered automations that turn manual compliance tasks into real-time, self-service workflows.