Senior Security Compliance Analyst
REMOTE - US
Full Time Senior-level / Expert USD 126K - 189K
Iterable
The cross-channel marketing platform that powers unified customer experiences, and empowers you to create, optimize, and measure every customer interaction.
Iterable is the leading AI-powered customer engagement platform that helps leading brands like Redfin, SeatGeek, Priceline, Calm, and Box create dynamic, individualized experiences at scale. Our platform empowers organizations to activate customer data, design seamless cross-channel interactions, and optimize engagement—all with enterprise-grade security and compliance. Today, nearly 1,200 brands across 50+ countries rely on Iterable to drive growth, deepen customer relationships, and deliver joyful customer experiences.
Our success is powered by extraordinary people who bring our core values—Trust, Growth Mindset, Balance, and Humility—to life. We foster a culture of innovation, collaboration, and inclusion, where ideas are valued and individuals are empowered to do their best work. That’s why we’ve been recognized as one of Inc’s Best Workplaces and Fastest Growing Companies, and were recognized on Forbes’ list of America’s Best Startup Employers in 2022. Notably, Iterable has also been listed on Wealthfront’s Career Launching Companies List and has held a top 10 ranking on the Top 25 Companies Where Women Want to Work.
With a global presence—including offices in San Francisco, New York, Denver, London, and Lisbon, plus remote employees worldwide—we are committed to building a diverse and inclusive workplace. We welcome candidates from all backgrounds and encourage you to apply. Learn more about our story and mission on our Culture and About Us pages. Let’s shape the future of customer engagement together!
The Team:
Customers trust Iterable with their marketing and sensitive information, expecting us to safeguard their data. Iterable's security team leads a cross-functional effort across the company to ensure that all systems remain secure in support of Iterable's core values, and to provide assurance to our customers that we will be good stewards of their valued data. The Iterable security team actively collaborates and leads the effort to build Iterable's security architecture in concert with other groups as they develop or launch new features and services. As engineers, we believe in security through automation; our footprint spans the entire company at all levels, from production to campus technology.
The Role:
Senior Security Compliance Analysts are motivated team players who will ultimately execute on work to ensure a positive security and compliance posture for Iterable. This role will have the opportunity to work directly across all Governance, Risk, and Compliance programs by assisting with everything from external audits (such as SOC 2, ISO, and privacy certifications) to risk assessments and managing RFPs and contract reviews. They will partner with various stakeholders across the organization to achieve the common goal of ensuring Iterable is able to meet our customers' requirements for a secure organization. You’ll report directly to our Manager of Compliance.
We're looking to expand our small but growing organization with teammates who are intellectually curious and willing to embrace challenges, all while keeping our company values of Humility, Trust, Growth Mindset, and Balance top of mind.
One of our core values is a growth mindset and Iterable is a company where everyone can grow. If this is a role that excites you, please apply as we value applicants for the skills they bring beyond a job description.
Position Details:
- Conduct risk assessments to evaluate security, compliance, and operational risks across technical systems, third parties, and business processes.
- Engage with stakeholders across the organization to understand business processes, assess risks, and collaboratively determine risk ratings based on impact and likelihood.
- Assist with risk governance, working cross-functionally to identify, assess, and remediate security and privacy compliance risks.
- Analyze the technical and business impact of identified security and privacy risks, providing clear remediation guidance.
- Support compliance activities, including risk assessments, internal and external audits, and evidence gathering (e.g., SOC 2 Type 2, ISO 27001, CBPR, PRP).
- Support customer trust initiatives by managing security and privacy documentation, responding to customer inquiries, reviewing contract security terms, and assisting with RFPs and RFIs to ensure transparency and compliance.
The Ideal Candidate Will Be/Have:
- Working knowledge of risk assessment fundamentals (impact analysis, residual risk, mitigation strategies, etc.)
- Technical aptitude for application and infrastructure vulnerabilities, especially in cloud environments
- Experience assessing and advising on security and privacy risks related to systems, data handling, and infrastructure
- Ability to analyze complex security and privacy issues, identify key risks, and provide clear, actionable recommendations.
- Familiarity with industry-standard security and privacy compliance frameworks (ISO, SOC2, GDPR, CCPA, etc.)
- Strong customer service mindset with the ability to communicate security and privacy risks to internal and external stakeholders.
- Experience reviewing contracts, handling RFPs, and addressing security and compliance concerns.
- Strong attention to detail with the ability to multitask under tight deadlines
Bonus Points:
- Professional certifications such as CISA, CISSP, CISM, and/or CIPP
- Familiarity with cloud services such as Amazon Web Services
Perks & Benefits:
- Paid parental leave
- Competitive salaries, meaningful equity, & 401(k) plan
- Medical, dental, vision, & life insurance
- Balance Days (additional paid holidays)
- Fertility & Adoption Assistance
- Paid Sabbatical
- Flexible PTO
- Monthly Employee Wellness allowance
- Monthly Professional Development allowance
- Pre-tax commuter benefits
- Complete laptop workstation
The US base salary range for this position at the start of employment is $126,500 - $189,500. Within this range, individual pay is determined by specific US work location, as well as additional factors, including job-related skills, experience, relevant education or training, and internal equity considerations.
Please note that the range listed above reflects only base salary. The total compensation package includes variable pay (where applicable), equity, plus a range of benefits, including medical, dental, vision, and financial. In addition, we offer perks such as generous stipends for health & fitness and learning & development, among others.
Recruitment Disclaimer:
Please be aware that Iterable, Inc. (“Iterable”) and our official professional recruiting agencies and platforms do not:
- Send job offers from free email services like Gmail, Yahoo mail, Hotmail, etc.
- Request money, fees, or payment of any kind from prospective candidates to apply to Iterable, for employment, or for the recruitment process (e.g. for home office supplies, or training, etc.).
- Request or require personal documents like bank account details, tax forms, or credit card information as part of the recruitment process prior to the candidate signing an engagement letter or an employment contract with Iterable.
You may see all job vacancies on our official Iterable channels:
- Official Iterable website, Careers page: https://iterable.com/careers/
- Official LinkedIn Jobs page: https://www.linkedin.com/company/iterable/jobs/
Iterable is not affiliated in any way with these impostors, and we hereby confirm that such individuals/entities are not authorized, encouraged, or sponsored to act on behalf of Iterable. Such job opportunities are entirely fake and not valid. Therefore, please disregard any written or oral request for a job offer or an interview that you believe is or might be fraudulent or suspicious and immediately reach out to us via email at talent-ops@iterable.com upon receiving a suspicious job offer.
Criminal and/or civil liabilities may arise from such actions, and Iterable expressly reserves the right to take legal action, including criminal action, against such individuals/entities whenever such phenomena occur. In any case, please note that under no circumstances shall Iterable and any of its affiliates be held liable or responsible for any claims, losses, damages, expenses or other inconvenience resulting from or in any way connected to the actions of these impostors.
Iterable is an Equal Employment Opportunity employer that proudly pursues and hires a diverse workforce. Iterable does not make hiring or employment decisions on the basis of race, color, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender-identity, sexual orientation, disability, age, military or veteran status, or any other basis protected by applicable local, state, or federal laws or prohibited by Company policy. Iterable also strives for a healthy and safe workplace and strictly prohibits harassment of any kind. Pursuant to the San Francisco Fair Chance Ordinance and other similar state laws and local ordinances, and its internal policy, Iterable will also consider for employment qualified applicants with arrest and conviction records.