Job Description:
Sr. Security/Compliance Analyst (GDPR, ISO, SOC 2)

Location: Mountain View

Duration: 4-6 month contract (can convert to full time for the right person)

Details:


Need a candidate who can work with third-party vendors and on risk management
Strong on compliance and security frameworks: GDPR, ISO, SOC 2
Able to perform gap analysis and drive remediation
Will also speak directly with the company's customers
Environment: very casual; about 280 people in the company, 10 on the IT and security team



Job Description

Perform security self-assessments against frameworks and standards such as SOC 2 and ISO 27001 to identify and mitigate information security risks
Communicate gaps to the executive team, develop remediation plans, and work with internal stakeholders to ensure compliance with regulations and policy
Facilitate security governance committee efforts and manage risk management processes to ensure security controls are appropriately mitigating risks
Identify, research, and evaluate new information security compliance requirements and determine their impact to the company
Develop, implement, and maintain information security policies, controls, procedures, and documentation
Interface with third-party auditors and assessors
Manage third-party vendor risk assessments
Build trusted relationships with customers through security questionnaire responses and communication of the company's security and compliance posture
Facilitate security-related meetings with customers and management
Work across lines of business to understand the needs of internal and external stakeholders in order to optimally align security controls
Develop a company culture that is committed to securing information assets
Complete various security and IT operational projects as needed

Qualifications

Bachelor's degree in Information Systems or a related major, or equivalent work experience
3+ years' experience in information security or IT audit
Experience implementing common information security processes and standards in alignment with frameworks such as NIST CSF, SOC 2, and/or ISO 27001
Experience in a fast-growing startup environment
Ability to design a compliance assessment framework, request and analyze evidence, and determine through stakeholder interviews which practices are actually in place
Strong understanding of SaaS company processes, information security, and technical terminology and concepts