Security-Compliance Analyst

United States - Remote | United States | North America | April 29, 2024

FormAssembly is seeking an experienced Security-Compliance Analyst to join our Security and Compliance department. As a Compliance Analyst, your role will be to work with other business units to ensure the highest level of security and compliance obligations are met.

We seek a motivated self-starter and team player to lead several aspects of security and compliance at FormAssembly. Responsibilities include ensuring FormAssembly meets the highest security standards, administering security audits, making infrastructure improvements, and helping achieve/maintain security standards such as PCI DSS Level 1, ISO-27001, HIPAA, GDPR, FedRAMP and others.

About Us:

FormAssembly is a 100% remote, fast-growing SaaS company with teammates all over the world that come together every day to help customers streamline data collection processes. We’re chasing major growth goals year after year, and we’re looking for talented, driven individuals to join our dynamic team.

FormAssembly works with 5,000+ leading companies worldwide to help them collect data quickly and securely, including Amazon, PayPal, Dell, Harvard, and more. We have been recognized in the 2020 Inc. 5000 list of fastest growing private companies for four years in a row, and we are a G2 Crowd Winter 2021 Leader. As we grow rapidly and adapt our product to better serve our impressive roster of customers, we’re also dedicated to fostering community and building relationships with our coworkers.

For a glimpse at what it’s like to work at a SaaS company with 35% year over year growth and teammates from all over the world who live out our core values of transparency, accountability, curiosity, ambition, composure, and kindness, learn about our awesome team and how and why we work remotely.

If you share our core values and want to work together to build something great for our customers, we’d be thrilled to have you apply for this position. FormAssembly is an equal opportunity employer. If you belong to an under-represented group in tech, you’ll find a welcoming culture that thrives on diversity.

This is a full-time position, open to all locations (working remotely from home).

About this position:

  • This is a mid-level compliance analyst role, requiring moderate levels of experience driving security and compliance audits and working with other teams
  • The Analyst candidate will have experience evaluating how well we operate and design our internal controls against our committed compliance programs. This individual will partner closely with all other departments including IT, Engineering, Product, Sales, and HR. An ideal candidate will work effectively with these teams to conduct assessments, escalate risks and issues, and project manage our annual audit cycles internally.

Requirements

  • 2+ years of experience in supporting security-compliance audits, such as SOC-2, ISO27001, PCI, and FedRAMP
  • 2+ years of experience in conducting internal audits and reviews, such as for user access, change controls, and system configurations
  • 2+ years of experience working with GRC and project management tools such as ZenGRC, OneTrust, Atlassian (Jira), or similar
  • Experience preparing and presenting status reports and metrics on risk and non-compliance events
  • Ability to work alongside different teams such as Engineering, IT, Product, and Marketing.
  • Experience with privacy frameworks such as GDPR, CCPA, and CPRA is a bonus

Preferred Certifications:

  • Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Privacy Professional (CIPP), or similar

In this position you will:

  • Support our security-compliance and governance programs including SOC-2, ISO27001, FedRAMP, and PCI
  • Monitor the design and operating effectiveness of our internal controls through audits, walkthroughs, technical assessments, and policy/procedure reviews
  • Assess the state of security configurations for core systems such as Okta, Google Workspace, and AWS to identify and escalate non-compliance issues
  • Produce reports concerning residual risk, vulnerabilities and other security exposures, including misuse of assets and technology non-compliance
  • Perform assessments to evaluate the effectiveness of existing controls and recommend remedial action
  • Identify and drive support for compliance orchestration and automation
  • Oversee overall compliance states within DLP, FIM, IDS, WAFs, anti-virus, SIEM, etc.
  • Assist in filling out security questionnaires for our customers
  • Review and improve internal best practices and training

Benefits

FormAssembly offers several benefits that help to facilitate a healthy team, personal growth, and a work-life balance, all of which contribute to creating a more engaged and passionate workforce.

  • Health benefits (health, dental, vision) for team members based in the United States
  • 401(k) with 4% company match for team members based in the United States
  • Unlimited paid vacation and 9 company holidays
  • Flexible work schedule
  • Paid parental leave
  • Charitable contribution match
  • Budget for professional development
  • Company provided Mac laptop

You'll be joining a talented and fun team, working together to build something great!
