Risk and Compliance Analyst

Remote

Applications have closed

Zapier

Workflow automation software for everyone. Zapier automates your work across 6,000+ app integrations, so you can focus on what matters.


Hi there!

We're looking for a Risk and Compliance Analyst to join our GRC Team at Zapier. Zapier is on a mission to democratize automation. Over 5 million professionals already use Zapier to save more time, but there are millions more to reach. We owe it to our customers to be a responsible steward of their data and keep it safe and private.

Are you interested in working with a team that thrives on ownership, where you default to action on your ideas and own them from start to finish? You want to apply your process-streamlining, work-smart-not-hard risk management skills to help our teams maintain SOC 2 Type II compliance. You might not be a seasoned risk expert, but you feel that you have a strong compliance interest and baseline risk-program knowledge, and you want an immediate opportunity to grow your career.

If you want to make your mark by helping us first and then start owning significant areas of the Governance, Risk and Compliance program at a fast-growing and profitable startup, then read on…

 

About You

  • You have 3-4 years of experience in information security risk management and/or GRC.
  • You’re experienced in performing risk assessments. You know how to assess risks in applications, infrastructure, business operations and third party vendors against a defined risk framework. You are comfortable researching industry-standard threats and vulnerabilities to stay abreast of risks that could impact a specific environment.
  • You have deep analytical and research-based experience. As a data point to measure severity, you’re familiar with aligning control frameworks to applicable security, privacy and compliance risks. Working in a SOC 2, ISO 27001 and/or HIPAA/HITRUST compliant environment is a plus.
  • You're a doer. You seek out the information you need to properly evaluate environmental risks. You’ve managed the intake, assessment and treatment of risks and take initiative in facilitating a majority of the risk management lifecycle. When working in situations of ambiguity, you’re able to leverage known information to execute a decision that progresses a project forward.
  • You love to collaborate and give a hand when needed. In this role, you will not only own the risk management program, you will take an advisory role when working with cross-functional teams to identify and mitigate risk. You enjoy collaborating with others, giving and taking feedback and working together to accomplish the overall mission of continued security and compliance maturity.
  • You’re an excellent planner. You have worked on or facilitated Compliance and Security Risk projects with minimal guidance, including planning, scheduling, and delivering reports and other documentation.
  • You’re creative and resourceful. Frameworks are purposely vague - they have to be one-size-fits-all, but you can apply and translate them to a SaaS company like Zapier. You always look for solutions that are built into systems to fulfill requirements instead of creating manual labor (e.g. enforced git reviews and automated testing before a pull request vs. a manual approval). Automation is your go-to when solving control requirements.
  • You are friendly and patient, welcoming, considerate, and respectful. Learn more about these attributes in our code of conduct.

 

Things You’ll Do

Zapier is a fast-growing, remote-first company, so you'll likely get experience on many different projects across the organization. That said, here are some things you'll probably do:

  • Manage Zapier’s Risk Register
  • Maintain and scale the Risk Management Program
  • Own updates to applicable standards, policies, procedures, customer-facing documents, etc.
  • Maintain and improve control and threat libraries
  • Conduct risk assessments and produce quarterly report summaries for the Risk Steering Committee
  • Assist in gathering internal and external audit evidence
  • Document the intake of risk exception requests
  • Facilitate the approvals and applicable escalations for risk acceptance requests

You’ll also have the opportunity to specialize in various areas of...

  • Policies and procedures
  • Operational automation
  • Risk governance and education
  • Privacy and data governance initiatives

 

The Whole Package

Our fully remote, distributed environment enables us to work with awesome people from around the world. Our team members work from 38 different countries. We generally hire based on timezones and try to keep teams together by making sure that every Zapien overlaps with their manager & teammates for at least a few hours a day.

Zapier offers:

  • Competitive salary and bonus program
  • Equity for All: Stock options (or equivalent) for every Zapien
  • Healthcare + dental + vision coverage*
  • Fertility and Adoption Assistance
  • Retirement plan with 4% company match*
  • $2,000 annual learning stipend for use on courses, conferences, and more—your choice
  • Annual all-company retreat
  • 14 weeks paid leave for new parents of biological or adopted children
  • Customized Zapiversary rewards on your 1, 3, 5, 7 and 10 year work anniversaries
  • Leading-edge equipment. We set you up with an Apple laptop and provide an additional budget for you to choose other home office accessories and software you may need.
  • Time to renew. We encourage Zapiens to take at least 2 weeks off each year. Most of us take 4-5 weeks, in addition to locally recognized holidays.
  • Opportunity to work with Zapier’s amazing partners network

*While we support Zapiens around the world the best we can, healthcare plans are available in the UK, Canada, and United States. Retirement plans are currently available specifically in the UK, Canada, New Zealand, Australia, and United States. A regional benefits premium is added directly to the salary ranges for team members who are in countries where we do not have entities or provide company-sponsored benefits. When recommendations are made for base salary, the benefits premium has already been factored in.

 

How to Apply

At Zapier, we believe that diverse perspectives and experiences make us better, which is why we have a non-standard application process designed to promote inclusion and equity. We are looking for the best fit for each of our roles, regardless of the type of education or companies in your background, so we encourage you to apply even if your skills and experiences don’t exactly match the job description. All we ask is that you answer a few in-depth questions in our application that would typically be asked at the start of an interview process. This helps speed things up by letting us get to know you and your skillset a bit better right out of the gate. Please be sure to answer each question; the resume and CV fields are optional.

After you apply, you are going to hear back from us—even if we don’t see an immediate fit with our team. In fact, throughout the process, we strive to never go more than seven days without letting you know the status of your application. We know we’ll make mistakes from time to time, so if you ever have questions about where you stand or about the process, just ask your recruiter!

Zapier is an equal opportunity employer and we're excited to work with talented and empathetic people of all identities. Zapier does not discriminate based on someone's identity in any aspect of hiring or employment as required by law and in line with our commitment to Diversity, Inclusion, Belonging and Equity. Our code of conduct provides a beacon for the kind of company we strive to be, and we celebrate our differences because those differences are what allow us to make a product that serves a global user base.

Zapier is committed to inclusion. As part of this commitment, Zapier welcomes applications from individuals with disabilities and will work to provide reasonable accommodations. If reasonable accommodations are needed to participate in the job application or interview process, please contact jobs@zapier.com.

 


Tags: Automation Compliance Governance HIPAA HITRUST ISO 27001 Privacy Risk assessment Risk management SaaS SOC SOC 2 Vulnerabilities

Perks/benefits: Career development Competitive pay Conferences Equity Fertility benefits Flex vacation Gear Health care Home office stipend Salary bonus Startup environment Team events

Region: Remote/Anywhere