Sr. Risk and Compliance Analyst

NAMER

Applications have closed

Zapier

Workflow automation software for everyone. Zapier automates your work across 6,000+ app integrations, so you can focus on what matters.


At this time, we're seeking candidates located within the Americas.


Hi there!

We're looking for a Senior Risk & Compliance Analyst to join our GRC Team at Zapier. Zapier is on a mission to democratize automation. Over 5 million professionals already use Zapier to save more time, but there are millions more to reach. We owe it to our customers to be a responsible steward of their data and keep it safe and private.

Are you interested in working with a team that thrives on ownership, where you default-to-action on your ideas and own them from start to finish? You want to apply your process streamlining, work smart-not-hard risk management skills and assist our teams in maintaining SOC 2 Type II compliance. You have first-hand risk program experience, a strong compliance background and are interested in strengthening your career.

If you want to make your mark by owning significant programs of the Governance, Risk and Compliance program at a fast-growing and profitable startup, then read on…


About You

  • You have 4-5 years of experience in information security, technical risk management and GRC.
  • You are independently motivated and a strong communicator. You have a high comfort level with written communication, effective use of chat tools and asynchronous communication skills. You understand what motivates your peers and are able to adjust your communication style so that it provides your audience value.
  • You’re experienced in performing risk assessments. You know how to assess risks in applications, infrastructure, business operations and third-party vendors against a defined risk framework. You are comfortable researching industry-standard threats and vulnerabilities to stay abreast of risks that could impact a specific environment.
  • You have deep analytical and research-based experience. You appreciate the full picture and are comfortable seeking out the information needed to resolve unknowns. As a baseline, you have familiarity with aligning control frameworks to applicable security, privacy and compliance risks. Working in a SOC2, ISO27001 and/or HIPAA/HITRUST compliant environment is a plus.
  • You love to collaborate and give a hand when needed. In this role, you will not only own the risk management program, you will take an advisory role when working with cross-functional teams to identify and mitigate risk. You enjoy collaborating with others, giving and taking feedback and working together to accomplish the overall mission of continued security and compliance maturity.
  • You’re an excellent planner. You have worked on or facilitated projects with minimal guidance and have proven skills at organizing complex work and tracking details on a weekly basis.
  • You’re creative and resourceful. Frameworks are purposely vague - they have to be one-size-fits-all - but you can apply and translate them to a SaaS company like Zapier. You always look for solutions that are built into systems to fulfill requirements instead of creating laborious controls. Automation is your go-to when solving control requirements and operational improvements.
  • You are friendly and patient, welcoming, considerate, and respectful. Learn more about these attributes in our code of conduct.


Things You’ll Do

As part of the Security Team, this role falls under the Governance, Risk and Compliance function.

You will work cross-functionally with engineering, product, legal, privacy, finance, HR, customer support and sales by continued building of risk management processes and scaling of technical compliance controls. This role is an excellent opportunity for an Individual Contributor to have a substantial impact on elevating risk management and framing org-wide compliance initiatives.

Zapier is a fast-growing and remote-first company, so you'll likely get experience on many different projects across the organization. That said, here are some things you'll do:

  • Contribute to the development and designing of controls that establish higher levels of automated testing and evidence collection
  • Execute and manage the Risk Assessment Lifecycle by reporting on, planning and tracking remediation/mitigation plans
  • Work with our Partnership and Sales Teams to assist with customer and partner inquiries
  • Provide guidance to stakeholders on regulatory/industry best practices
  • Lead data-driven discussions that support the measurement of organizational risk tolerance and posture
  • Maintain and improve control and threat libraries
  • Research and blog internally and externally about the latest information compliance, privacy and risk management trends


Zapier Compensation Guiding Principles

We believe all Zapiens should be rewarded competitively and equitably, using practices that are simple and transparent. This philosophy ensures we’re able to find, grow, and retain exceptional people from a broad range of backgrounds. Here’s how we define our compensation principles:

  • Competitive: Zapier pays well among the technology sector.
  • Equitable: Consistent pay practices; competency-based pay.
  • Simple: Pay is well understood, and pay practices are built for scale.
  • Transparent: Zapiens know how pay works, including how their pay is determined.


The pay ranges for this role are:

United States: 138,300-207,500 USD

Canada: 138,300-207,500 CAD

A Candidate's compensation package is finalized once the interview process is concluded and accounts for experience, competencies (job knowledge, skills and abilities) and internal equity.

For more information on Zapier’s Total Rewards please click here.


How to Apply

At Zapier, we believe that diverse perspectives and experiences make us better, which is why we have a non-standard application process designed to promote inclusion and equity. We're looking for the best fit for each of our roles, regardless of the type of education or companies in your background, so we encourage you to apply even if your skills and experiences don’t exactly match the job description. All we ask is that you answer a few in-depth questions in our application that would typically be asked at the start of an interview process. This helps speed things up by letting us get to know you and your skillset a bit better right out of the gate. Please be sure to answer each question; the resume and CV fields are optional.

After you apply, you are going to hear back from us—even if we don’t see an immediate fit with our team. In fact, throughout the process, we strive to never go more than seven days without letting you know the status of your application. We know we’ll make mistakes from time to time, so if you ever have questions about where you stand or about the process, just ask your recruiter!

Zapier is an equal-opportunity employer and we're excited to work with talented and empathetic people of all identities. Zapier does not discriminate based on someone's identity in any aspect of hiring or employment as required by law and in line with our commitment to Diversity, Inclusion, Belonging and Equity. Our code of conduct provides a beacon for the kind of company we strive to be, and we celebrate our differences because those differences are what allow us to make a product that serves a global user base.

Zapier is committed to inclusion. As part of this commitment, Zapier welcomes applications from individuals with disabilities and will work to provide reasonable accommodations. If reasonable accommodations are needed to participate in the job application or interview process, please contact jobs@zapier.com.


#LI-Remote

Tags: Automation Compliance Finance Governance HIPAA HITRUST ISO 27001 Privacy Risk assessment Risk management SaaS SOC SOC 2 Vulnerabilities

Perks/benefits: Career development Competitive pay Equity Startup environment

Region: Remote/Anywhere