Sr. Risk and Compliance Analyst
ZapierWorkflow automation for everyone. Zapier automates your work across 5,000+ app integrations, so you can focus on what matters.
At this time, we're seeking candidates located within the Americas.
We're looking for a Senior Risk & Compliance Analyst to join our GRC Team at Zapier. Zapier is on a mission to democratize automation. Over 5 million professionals already use Zapier to save more time, but there are millions more to reach. We owe it to our customers to be a responsible steward of their data and keep it safe and private.
Are you interested in working with a team that thrives on ownership, where you default-to-action on your ideas and own them from start to finish? You want to apply your process streamlining, work smart-not-hard risk management skills and assist our teams in maintaining SOC 2 Type II compliance. You have first-hand risk program experience, a strong compliance background and are interested in strengthening your career.
If you want to make your mark by owning significant programs of the Governance, Risk and Compliance program at a fast-growing and profitable startup, then read on…
- You have 4-5 years of experience in information security, technical risk management and GRC.
- You are independently motivated and a strong communicator. You have a high comfort level with written communication, effective use of chat tools and asynchronous communication skills. You understand what motivates your peers and are able to adjust your communication style so that it provides your audience value.
- You’re experienced in performing risk assessments. You know how to assess risks in applications, infrastructure, business operations and third-party vendors against a defined risk framework. You are comfortable researching industry-standard threats and vulnerabilities to stay abreast of risks that could impact a specific environment.
- You have deep analytical and research-based experience. You appreciate the full picture and are comfortable seeking out the information needed to resolve unknowns. As a baseline, you have familiarity with aligning control frameworks to applicable security, privacy and compliance risks.
Working in a SOC2, ISO27001 and/or HIPAA/HITRUST compliant environment is a plus.
- You love to collaborate and give a hand when needed. In this role, you will not only own the risk management program, you will take an advisory role when working with cross-functional teams to identify and mitigate risk. You enjoy collaborating with others, giving and taking feedback and working together to accomplish the overall mission of continued security and compliance maturity.
- You’re an excellent planner. You have worked on or facilitated projects with minimal guidance and have proven skills at organizing complex work and tracking details on a weekly basis.
- You’re creative and resourceful. Frameworks are purposely vague - they have to be one-size-fits-all, but you can apply and translate them to a SaaS company like Zapier. You always look for solutions that are built into systems to fulfill requirements instead of creating laborious controls. Automation is your to-go when solving control requirements and operation improvements.
- You are friendly and patient, welcoming, considerate, and respectful. Learn more about these attributes in our code of conduct.
Things You’ll Do
As part of the Security Team, this role falls under the Governance, Risk and Compliance function.
You will work cross-functionally with engineering, product, legal, privacy, finance, HR, customer support and sales by continued building of risk management processes and scaling of technical compliance controls. This role is an excellent opportunity for an Individual Contributor to have a substantial impact on elevating risk management and framing org-wide compliance initiatives.
Zapier is a fast-growing and remote-first company, so you'll likely get experience on many different projects across the organization. That said, here are some things you'll do:
- Contribute to the development and designing of controls that establish higher levels of automated testing and evidence collection
- Execute and manage the Risk Assessment Lifecycle by reporting on, planning and tracking remediation/mitigation plans
- Work with our Partnership and Sales Teams to assist with customer and partner inquiries
- Provide guidance to stakeholders on regulatory/industry best practices
- Lead data-driven discussions that support the measurement of organizational risk tolerance and posture
- Maintain and improve control and threat libraries
- Research and blog internally and externally about the latest information compliance, privacy and risk
Zapier Compensation Guiding Principles
We believe all Zapiens should be rewarded competitively and equitably, using practices that are simple and transparent. This philosophy ensures we’re able to find, grow, and retain exceptional people from a broad range of backgrounds. Here’s how we define our compensation principles:
- Competitive: Zapier pays well among the technology sector.
- Equitable: Consistent pay practices; competency-based pay.
- Simple: Pay is well understood, and pay practices are built for scale.
- Transparent: Zapiens know how pay works, including how their pay is determined.
The pay ranges for this role are:
United States: 138,300-207,500 USD
Canada: 138,300-207,500 CAD
A Candidate's compensation package is finalized once the interview process is concluded and accounts for experience, competencies (job knowledge, skills and abilities) and internal equity.
For more information on Zapier’s Total Rewards please click here.
How to Apply
At Zapier, we believe that diverse perspectives and experiences make us better, which is why we have a non-standard application process designed to promote inclusion and equity. We're looking for the best fit for each of our roles, regardless of the type of education or companies in your background, so we encourage you to apply even if your skills and experiences don’t exactly match the job description. All we ask is that you answer a few in-depth questions in our application that would typically be asked at the start of an interview process. This helps speed things up by letting us get to know you and your skillset a bit better right out of the gate. Please be sure to answer each question; the resume and CV fields are optional.
After you apply, you are going to hear back from us—even if we don’t see an immediate fit with our team. In fact, throughout the process, we strive to never go more than seven days without letting you know the status of your application. We know we’ll make mistakes from time to time, so if you ever have questions about where you stand or about the process, just ask your recruiter!
Zapier is an equal-opportunity employer and we're excited to work with talented and empathetic people of all identities. Zapier does not discriminate based on someone's identity in any aspect of hiring or employment as required by law and in line with our commitment to Diversity, Inclusion, Belonging and Equity. Our code of conduct provides a beacon for the kind of company we strive to be, and we celebrate our differences because those differences are what allow us to make a product that serves a global user base.
Zapier is committed to inclusion. As part of this commitment, Zapier welcomes applications from individuals with disabilities and will work to provide reasonable accommodations. If reasonable accommodations are needed to participate in the job application or interview process, please contact firstname.lastname@example.org.
More jobs like this
Remote in our Northeast … Remote in our Northeast region Full TimeSenior Senior-levelUSD 62K - 115K * USD 62K+ *
GuidePoint Security LLC
Practice Lead, Security Analytics - Northeast (Remote)Analytics Ansible Automation Bash EDR Firewalls Java +10
Career development Flex hours Flex vacation Health care
Explore more InfoSec/Cybersecurity career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.
- Open Staff Product Security Engineer jobs
- Open Information Security Officer jobs
- Open Principal Security Engineer jobs
- Open Head of Information Security jobs
- Open Senior SOC Analyst jobs
- Open IT Security Engineer jobs
- Open Security Consultant jobs
- Open Senior Information Security Analyst jobs
- Open Senior Security Operations Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Information System Security Officer (ISSO) jobs
- Open Lead Security Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Senior Cybersecurity Engineer jobs
- Open IT Security Analyst jobs
- Open Senior Infrastructure Security Engineer jobs
- Open Infrastructure Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open Senior Information Security Engineer jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Cyber Hunt SME jobs
- Open Senior Air Defense/BMD Subject Matter Expert jobs
- Open Cyber Program Manager jobs
- Open GCP-related jobs
- Open Clearance-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Governance-related jobs
- Open Risk assessment-related jobs
- Open ISO 27001-related jobs
- Open SaaS-related jobs
- Open Java-related jobs
- Open Forensics-related jobs
- Open Malware-related jobs
- Open Vulnerability management-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open CISM-related jobs
- Open Threat intelligence-related jobs
- Open Cryptography-related jobs
- Open Analytics-related jobs
- Open Kubernetes-related jobs
- Open CISA-related jobs
- Open APIs-related jobs
- Open IAM-related jobs
- Open DevSecOps-related jobs
- Open IPS-related jobs
- Open CI/CD-related jobs