Security and Compliance Specialist II

San Ramon, CA; Reno, NV

Ridgeline

Ridgeline is the cloud platform for investment management, with real-time data throughout the platform and front-to-back functions like CRM, trading, portfolio management, reporting, and more.

Are you passionate about building world-class security and compliance infrastructure and programs? Do you have a strong track record of driving operational excellence across programs? Do you enjoy partnering with other teams and thrive as a problem-solver in a fast-paced, often hectic environment?

Ridgeline’s Security & Compliance Specialist II will have a unique opportunity to contribute to the security, compliance, and privacy initiatives from an early stage of the company. In this position, you will work directly with others across Security, Compliance, Legal, and Engineering to define, design, implement, and monitor security, compliance, and privacy procedures throughout the organization.  

You’ll be responsible for performing and monitoring controls critical to the security, compliance, and privacy of the Ridgeline platform, and for partnering with other functional area leaders to identify security, compliance, and privacy risks and help develop mitigation strategies. You’ll contribute to Ridgeline’s security training programs and be an integral part of bringing those around you on our cloud security and compliance journey.

You must be work authorized in the United States without the need for employer sponsorship.

What you will do:

  • Perform essential maintenance tasks to ensure operational stability, such as conducting access reviews and vendor risk assessments, and overseeing the execution of recurring SOC 2 controls
  • Assist in managing and executing recurring audits, such as the SOC 2, with Ridgeline’s third-party auditors
  • Partner with Ridgeline control owners across the organization to help them understand audit requirements and audit results, and to identify and prioritize remediation options for closing any gaps and findings
  • Evolve and implement security training and awareness programs to help up-level Ridgeline personnel with Ridgeline’s security, compliance, and privacy policies, procedures, and controls
  • Evaluate regulatory changes to understand their impact on Ridgeline’s security, compliance, and privacy program, in line with industry security standards and privacy expectations
  • Develop, implement, manage, and consult on security and privacy policies, controls, and procedures
  • Evaluate the security, compliance, and privacy of third-party or natively provided tools, including AI tools, and services by thinking creatively, owning the problems, seeking solutions, and communicating clearly 
  • Contribute to a collaborative environment deeply rooted in empathy, learning, teaching, and transparency
  • Partner with Ridgeline Security Technical Program Managers to manage critical projects across the organization
  • Partner with Security leadership to drive process improvement efforts and mature our roadmap, planning, and metrics programs

Desired Skills and Experience

  • Bachelor's degree in Management Information Systems, Accounting, Computer Science, or equivalent practical experience
  • 2+ years working in risk and controls, audit, project management, or information security compliance
  • Knowledge of cloud security concepts and architectures
  • Familiarity with tools and processes used to monitor, analyze, manage, and report on security and compliance programs
  • Experience in data privacy principles and regulatory and compliance standards such as SOC 2, ISO 27001, ISO 27018, CCPA, GDPR, etc.
  • Knowledge of security frameworks and best practices, such as CSA CCM, NIST, COBIT, and Trust Services Criteria
  • Ability to adapt to and support evolving AI technologies in alignment with responsible AI best practices
  • Strong organizational and project management skills 
  • An aptitude for problem-solving, emerging technology, and SaaS providers 
  • Ability to communicate and influence effectively with colleagues at all levels
  • Ability to organize and prioritize security, compliance, and privacy-related projects
  • Serious interest in having fun at work

Bonus

  • AWS Certified Cloud Practitioner (CCP)
  • Experience with public cloud compliance
  • Certified Information Systems Auditor (CISA)
  • Certified Information Privacy Professional (CIPP/E/US/CA)
  • GIAC Security Essentials (GSEC)
  • Leadership and Responsible AI Governance experience is a plus

About Ridgeline

Ridgeline is the industry cloud platform for investment management. It was founded by visionary tech entrepreneur Dave Duffield (co-founder of both PeopleSoft and Workday) to apply his successful formula of solving operational business challenges with bold innovation and human connectivity to the unique needs of the investment management industry. 

Ridgeline started with a clean sheet of paper and a deep bench of experts bound by a set of core values and motivated to revolutionize an industry underserved by its current tech offerings. We are building a new, modern platform in the public cloud, purpose-built for the investment management industry, and we are prioritizing security, agility, and usability to empower business like never before.

With a growing campus in Reno and offices in New York, Lake Tahoe, and the Bay Area, Ridgeline is proud to have built a fast-growing, people-first company that has been recognized by Fast Company as a “Best Workplace for Innovators,” by The Software Report as a “Top 100 Software Company,” and by Forbes as one of “America’s Best Startup Employers.”

Ridgeline is proud to be a community-minded, discrimination-free equal opportunity workplace.

Ridgeline processes the information you submit in connection with your application in accordance with the Ridgeline Applicant Privacy Statement. Please review the Ridgeline Applicant Privacy Statement in full to understand our privacy practices and contact us with any questions.

Compensation and Benefits 

The typical starting salary range for new hires in this role is $90,000 - $107,500. Final compensation amounts are determined by multiple factors, including candidate experience and expertise, and may vary from the amount listed above. 

As an employee at Ridgeline, you’ll have many opportunities for advancement in your career and can make a true impact on the product.

In addition to the base salary, 100% of Ridgeline employees can participate in our Company Stock Plan subject to the applicable Stock Option Agreement. We also offer rich benefits that reflect the kind of organization we want to be: one in which our employees feel valued and are inspired to bring their best selves to work. These include unlimited vacation, educational and wellness reimbursements, and $0 cost employee insurance plans. Please check out our Careers page for a more comprehensive overview of our perks and benefits.

Category: Compliance Jobs

Tags: Audits AWS CCPA CIPP CISA Cloud COBIT Compliance Computer Science GDPR GIAC Governance GSEC ISO 27001 Monitoring NIST Privacy Risk assessment SaaS SOC SOC 2 Teaching

Perks/benefits: Career development Equity / stock options Salary bonus Startup environment Transparency Unlimited paid time off Wellness

Region: North America
Country: United States