Lead Security Analyst, Risk & Compliance
Remote, United States
Applications have closed
tl;dr: We are looking for a lead security analyst who has experience driving major assurance initiatives such as SOC 2, ISO 27001, NIST, PCI DSS, GDPR, and/or CCPA.
Who Are We?
Postman is the world’s leading collaboration platform for API development. Our app simplifies each step of the API building process and streamlines collaboration. More than 17 million developers and 500,000 organizations worldwide currently use Postman. We recently raised our Series-D at a $5.6 billion valuation.
Here's a timeline of Postman’s journey in becoming an API Platform.
The Team.
The team is responsible for handling all aspects of information security, governance, risk, and compliance. We are looking for a lead to join us who will be responsible for developing, maintaining, and maturing our GRC programs and aligning our frameworks to the company's strategic vision and goals.
The team is focused on working with and managing various regulations and compliance programs, such as SOC 2, ISO 27001, NIST, PCI DSS, GDPR, and CCPA. We operate as an internal consulting resource for Postman, advocating for security and risk management processes.
How We Operate.
Since we are a globally distributed team, we measure outcomes, not hours. We operate from a deep sense of our values, and strive to build the best products for the entire developer community.
What You'll Do.
- Contribute to the development, management, and ongoing improvement of the company InfoSec program, compliance initiatives, risk management, privacy, and overall security assurance.
- Conduct periodic reviews and audits of internal policies, controls and processes, with published reports outlining successes and opportunities for improvement.
- Partner with business and engineering leaders to identify risks and propose mitigation strategies.
- Coordinate and manage compliance audit activities with external auditors and internal control owners to ensure timely and successful completion of audit requirements.
- Collaborate with security teams to ensure our IT environment meets our security requirements.
- Evaluate and contribute to the implementation of technology to streamline and automate manual controls.
- Monitor the vendor due diligence process including coordinating with Security, Legal, and stakeholders to assess vendor security controls.
About You.
- 7+ years of hands-on experience in cyber risk, governance, and compliance.
- Ability to identify gaps, create mitigation plans, and work with control owners to implement changes.
- Experience managing or maturing GRC programs, preferably within a high-growth Cloud/SaaS environment.
- Passionate and creative in the use of technology to streamline and automate manual processes.
- Experience with—and enthusiasm for—working with global, distributed teams.
- Open and outgoing personality with the ability to build relationships across departments and cultures.
Benefits
We offer competitive salaries and benefits, and a flexible schedule working with a fun, collaborative team. Enjoy full medical coverage, unlimited PTO, and a monthly lunch stipend. (Yes, seriously. We want you to eat well wherever you’re at.) Plus, our wellness program will help you stay healthy from your location with fitness-related reimbursements. Our frequent and fascinating virtual team-building events will keep you connected, while our donation-matching program can support the causes you care about. We’re building a long-term company with an inclusive culture where everyone can be the best version of themselves, and we want you to be part of it. Join us, why dontcha?