Lead Security Analyst, Risk & Compliance
Remote, United States
tl;dr: We are looking for a lead security analyst who has experience driving major assurance initiatives such as SOC2, ISO 27001, NIST, PCI-DSS, GDPR, and/or CCPA.
Who Are We?
Postman is the world’s leading collaboration platform for API development. Our app simplifies each step of the API building process and streamlines collaboration. More than 17 million developers and 500,000 organizations worldwide currently use Postman. We recently raised our Series-D at a $5.6 billion valuation.
The team is responsible for handling all aspects of information security, governance, risk, and compliance. We are looking for a lead to join us who will be responsible for developing, maintaining, and maturing our GRC programs and aligning our frameworks to the company's strategic vision and goals.
The team is focused on working with and managing various regulations and compliance programs such as: SOC2, ISO 27001, NIST, PCI-DSS, GDPR, and CCPA. We operate as an internal consulting resource for Postman, advocating for security and risk management processes.
How We Operate.
Since we are a globally distributed team, we measure outcomes, not hours. We operate from a deep sense of our values, and strive to build the best products for the entire developer community.
What You'll Do.
- Contribute to the development, management, and ongoing improvement of the company's InfoSec program, compliance initiatives, risk management, privacy, and overall security assurance.
- Conduct periodic reviews and audits of internal policies, controls and processes, with published reports outlining successes and opportunities for improvement.
- Partner with business and engineering leaders to identify risks and propose mitigation strategies.
- Coordinate and manage compliance audit activities with external auditors and internal control owners to ensure timely and successful completion of audit requirements.
- Collaborate with security teams to ensure our IT environment meets our security requirements.
- Evaluate and contribute to the implementation of technology to streamline and automate manual controls.
- Monitor the vendor due diligence process including coordinating with Security, Legal, and stakeholders to assess vendor security controls.
- 7+ years of hands-on experience in cyber risk, governance, and compliance.
- Ability to identify gaps, create mitigation plans, and work with control owners to implement changes.
- Experience managing or maturing GRC programs, preferably within a high-growth Cloud/SaaS environment.
- Passionate and creative in the use of technology to streamline and automate manual processes.
- Experience with—and enthusiasm for—working with global, distributed teams.
- Open and outgoing personality with the ability to build relationships across departments and cultures.
We offer competitive salaries and benefits, and a flexible schedule working with a fun, collaborative team. Enjoy full medical coverage, unlimited PTO, and a monthly lunch stipend. (Yes, seriously. We want you to eat well wherever you’re at.) Plus, our wellness program will help you stay healthy from your location with fitness-related reimbursements. Our frequent and fascinating virtual team-building events will keep you connected, while our donation-matching program can support the causes you care about. We’re building a long-term company with an inclusive culture where everyone can be the best version of themselves, and we want you to be part of it. Join us, why dontcha?