Senior Security Compliance Analyst

Instabase

IT, Legal

San Francisco, CA, USA · Remote

Posted on Friday, September 2, 2022

At Instabase, we're passionate about democratizing access to cutting-edge AI innovation to enable any organization to solve previously unsolvable unstructured data problems in their industry. With customers representing some of the largest, and most complex institutions in the world, and investors like Greylock, Andreessen Horowitz, and Index Ventures, our market opportunity is undeniable.

Instabase is a remote company rooted in flexibility. Employees can choose to work from one of our global offices in Menlo Park, New York, London, or Bangalore, fully remotely, or a mix of the two. At the center of our value proposition is our people, and we've built a fearlessly experimental, endlessly curious, customer focused team who together, are fundamentally changing how developers build and distribute intelligent business applications.

Instabase is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Research shows that in order to apply for a job, women feel they need to meet 100% of the criteria while men usually apply after meeting about 60%. Regardless of how you identify, if you believe you can do the job and are a good match, we encourage you to apply.

Our Trust Team is core to Instabase's strategy for enabling business growth and team velocity. We engineer solutions that remove commercial blockers, increase employee productivity and help teams scale. This team works on a wide range of domains from cloud systems administration, systems integration architecture and security enablement all while supporting 300 employees, contractors and systems distributed across the globe.

The Senior Security Compliance Analyst is a business enabler and is responsible for supporting and executing critical portions of the compliance function. As a technical leader of the function, you will ensure that the regulatory roadmap supports business, sales and revenue objectives while maintaining alliance with existing information security standards.

You will work closely with security, legal, engineering, product and other business units to ensure regulatory control requirements are translated into Instabase-structured language that is informed by the organization’s current security practices and standards. We are not a check-box security organization and as such you will have the opportunity to participate in control requirements and remediation initiatives that result in pragmatic solutions for Instabase and its customers.

What You’ll Do

Helping mature and scale our compliance programs based on industry best practices for (some or all of) the following functions including Audit Management, Risk Management, Third-party Assurance, Sales Enablement, Policy Management, etc.
Working cross-functionally to retain SOC 2 Type II, HIPAA, and other certifications that exhibit assurance internally and externally.
Driving control automation and supporting process improvements in the compliance portfolio.
Supporting staff training around Security, Compliance, and Privacy.
Implementing and managing continuous controls assessments and remediation monitoring.
Establish/Maintain processes and procedures that support audit and compliance management as daily operational functions vs. a disruptive event.
In close partnership with control owners, translate control remediation opportunities into business-enabling processes and standards.
Understanding what it takes to improve current Information security policies, procedures, and standards, for processes, applications, and infrastructure.
Provide transparency and status reporting through the use of meaningful and actionable scorecards and relevant operational metrics and OKRs/KPIs.

About You

Security Assessment Expertise: You have experience working with various stakeholders to review and help improve their current processes through assessments or other tools.
Pragmatic and business-oriented: You care about business impact and prioritize projects accordingly — you understand the risks and balance the right security investments with the right bottom line outcomes.
Empathetic communication: You communicate nuanced ideas clearly, whether you’re explaining compliance requirements in writing or brainstorming in real time. When building consensus, you engage thoughtfully with other perspectives and compromise when needed.
Team player: For you, work isn't a solo endeavor. You enjoy collaborating cross-functionally to accomplish shared goals, and you care about learning, growing, and helping others to do the same.

Nice to Haves

With a minimum of 5-7 years experience, you may have one or more of the following: CISSP, CISA, CRISC, or CIPP.
You have experience in implementing security risk management processes and frameworks.
You have a good understanding of how AI can impact security frameworks and can articulate its risks and benefits.
You are skilled in performing assessments and improving complex processes.
You've managed, maintained, and monitored systems like SafeBase, RFP systems (RFPIO) and GRC tools.
You've been responsible for maintaining continuous controls and participating in audits in relation to our customer facing certifications (like SOC2).
You have been a partner to sales teams, in customer facing discussions, and can talk to customers about our security posture confidently.
You have experience leading projects from start to finish across multiple teams and time zones.

The base salary range for this role is $165,000 to $180,000 + bonus, equity, and US Benefits. The actual pay may vary based on factors such as location, experience, and skills.

#LI-Remote

Come help us build for the next stage of growth and scale -- accelerate your career with Instabase!

Apply now

See more open positions at Instabase