Senior Compliance Analyst I (Remote)

Who We Are

Having surpassed $200M ARR and continuing to grow, AuditBoard is the leading audit, risk, ESG, and InfoSec platform on the market. More than 50% of the Fortune 500, including 7 of the Fortune 10, leverage our award-winning technology to move their businesses forward with greater clarity and agility. And our customers love us: AuditBoard is top-rated on G2.com and Gartner Peer Insights.

At AuditBoard, we inspire each other to innovate and are proud of what we are producing. We spend each day thinking of new ways to help our customers and contribute to the greater good of our company and our surrounding communities. We are all about assisting each other and breaking through barriers to create the most loved audit, risk, ESG, and InfoSec platform by our customers. This is how we have become one of the 500 fastest-growing tech companies in North America for the sixth year in a row, as ranked by Deloitte!

AuditBoard is looking for an experienced Compliance Analyst to enhance the strategic pillars of a security compliance program and facilitate day-to-day compliance operations. This individual will be involved in multiple areas of the business where compliance and security impact our operations (e.g. Awareness & Training, Policy Management, Control Testing & Monitoring, Continuity Testing Facilitation, and Management of Compliance Standards). This role will require the individual to have a foundational understanding of GRC concepts and how those concepts pertain to multiple departments across the business. 

This position will have visibility and interaction with the security, IT, engineering, legal, and other cross-functional teams at AuditBoard. This person will work on assignments that are complex in nature and require professional skepticism,  judgment, initiative, and knowledge of common SaaS Company positions to resolve problems and/or develop recommended solutions. 

This position reports to the Director of Information Security Compliance and is a perfect role for someone who is passionate about building compliance operations procedures and 2nd line control testing in a fast-paced environment and is an all-around great team player.

Key responsibilities:

• Participates in maintaining and evolving the compliance program framework, including designing and developing policies, standards, and procedures.

• Facilitates and performs 2nd Line of Defense control testing and validation

• Maintains control and framework structure, hierarchy, and attributes.

• Consults with crossfunctional and security teams to implement policies and procedures as well as assess data privacy and security risks, to mitigate potential compliance issues.

• Contributes to the maintenance and continuous improvement of the overall security compliance posture of AuditBoard.

• Interfaces and collaborates with security and legal teams on compliance issues

• Keeps track of changing and developing compliance frameworks and security regulations

• Participates in security compliance assessments

• Assists in providing responses to customer and vendor questionnaires

• Facilitates training, awareness, and communication of security and compliance matters across AuditBoard;

• Participates in developing and delivering training programs on security awareness, data handling/protection, and privacy.

• Works globally and cross-functionally to translate compliance requirements and principles into a set of common controls and  practices

Attributes of a Successful Candidate:

• 3+ years of experience as a security compliance professional with an in-depth understanding of control objectives, procedures, compliance gap assessments, and evidence collection covering ISO 27001 / 27002, NIST CSF, NIST 800-53, CMMC / NIST 800-171, SOC1 / SOC2, FedRAMP, and common industry standards.

• Experience in a B2B SaaS organization

• Knowledge and experience with compliance automation tooling and practices / SQL.

• Bachelor's degree

• Ability and desire to learn new technologies and data flows quickly to help assess security risks and develop appropriate risk mitigation elements

• Ability to translate and distill laws and regulatory requirements and legal advice into operational control procedures and policies and provide practical guidance to business units and functions on those requirements

• Ability to collect, describe, and display technical information in a way to help decision-making

• Participates in industry security organizations and associations to learn emerging trends and best practices

• Experience in collaborating among cross-functional and global teams with the ability to drive and manage multiple simultaneous projects

• Experience developing security and ELC controls and communicating them to business stakeholders.

• Excellent verbal and written communication skills

• Relevant privacy and security certifications such as CISSP, CISM, CISA.

Our Company Values

• Customer obsession: Apply relentless focus on listening to and understanding customers as the core of everything we do

• Win, together: Drive to be the best while supporting each other’s success

• Gritty resilience: Thrive in a fast-paced and dynamic environment, balancing immediate priorities with big-picture strategic goals

• Personal improvement: Stay eager to share insights, seek feedback, and continuously learn

• Constant innovation: Challenge the status quo and drive improvements
  

Perks*

• Launch a career at one of the fastest-growing SaaS companies in North America!

• Live your best life (LYBL)! $200/mo for anything that enhances your life

• Remote and hybrid work options, plus lunch in the Cerritos office

• Comprehensive employee health coverage (all locations)

• 401K with match (US) or pension with match (UK)

• Competitive compensation & bonus program

• Flexible Vacation (US exempt & CA) or 25 days (UK)

• Time off for your birthday & volunteering

• Employee resource groups

• Opportunities for team and company-wide get-togethers!

*perks may vary based on eligibility/location

Please note that background checks are required. Qualified Applicants with arrest or conviction records will be considered for Employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. This role may have access to highly sensitive data, including employee data, customer data, company financials, and proprietary product information.

#LI-Remote