Sr. IT Risk and Compliance Analyst

United States

Applications have closed


Power insights and outcomes with the Elasticsearch Platform and AI. See into your data and find answers that matter with enterprise solutions designed to help you build, observe, and protect. Try Elasticsearch free today.

View company page

Elastic is a free and open search company that powers enterprise search, observability, and security solutions built on one technology stack that can be deployed anywhere. From finding documents to monitoring infrastructure to hunting for threats, Elastic makes data usable in real-time and at scale. Thousands of organizations worldwide, including Barclays, Cisco, eBay, Fairfax, ING, Goldman Sachs, Microsoft, The Mayo Clinic, NASA, The New York Times, Wikipedia, and Verizon, use Elastic to power mission-critical systems. Founded in 2012, Elastic is a distributed company with Elasticians around the globe. Learn more at

We are looking for an IT Risk & Compliance (R&C) Analyst to join our growing IT Risk & Compliance (R&C) team! The IT R&C team's mission is to educate risk-concepts to Elasticians and facilitating the risk management and audit experience by acting as a key contact within IT to generate thought leadership, provide guidance, and evidence collection.

The ideal candidate is a self-motivated individual who appreciates a practical approach to risk and compliance, and someone who is passionate about understanding the "why" in managing risk. In your role as a trusted advisor, you’ll proactively consult on matters of risk management within IT, as well as your peers in the Information Security, Internal Audit, and other teams at Elastic.

What you will be doing

  • Assist in the implementation of the IT General Controls program
  • Educate a diverse workforce in the “why”, “what”, and “who” of internal controls
  • Identify and document requirements, risks and control designs
  • Assist with internal controls walkthroughs and obtaining evidence requested from audit teams
  • Aid in designing new processes or controls to enhance our risk management program
  • Aid the remediation effort for control failures and process improvements
  • Aid in the review of internal controls and security of systems under development as well as major IT projects and initiatives

What You Bring Along:

  • 3 to 4 years of experience in IT Audit or IT Risk Advisory from a public accounting firm, a professional services firm, or a public company
  • A deep understanding of IT General Controls and the role they play in an overall control environment is a must
  • Knowledge of how periodic user access reviews work, and critical audit testing attributes
  • Experience with reviewing and analyzing SOC1/2 reports
  • Ability to manage multiple tasks and priorities, and to stay organized and efficient in a fast-paced environment
  • Good communication skills and ability to work effectively across multiple functional and business groups
  • Ability to think critically and creatively to help identify issue resolutions
  • Demonstrated creativity and flexibility in problem solving and project collaboration

Compensation for this role is in the form of base salary.  This role does not have a variable compensation component.  

The typical starting salary range for new hires in this role is listed below.  In select locations (including Seattle WA, Los Angeles CA, the San Francisco Bay Area CA, and the New York City Metro Area), an alternate range may apply as specified below. 

These ranges represent the lowest to highest salary we reasonably and in good faith believe we would pay for this role at the time of this posting.  We may ultimately pay more or less than the posted range, and the ranges may be modified in the future.  

An employee's position within the salary range will be based on several factors including, but not limited to, relevant education, qualifications, certifications, experience, skills, geographic location, performance, and business or organizational needs.

Elastic believes that employees should have the opportunity to share in the value that we create together for our shareholders. Therefore, in addition to cash compensation, this role is currently eligible to participate in Elastic's stock program.  Our total rewards package also includes a company-matched 401k with dollar-for-dollar matching up to 6% of eligible earnings, along with a range of other benefits offered with a holistic emphasis on employee well-being.

The typical starting salary range for this role is:
$94,300$149,155 USD
The typical starting salary range for this role in the select locations listed above is:
$113,300$179,170 USD

Additional Information - We Take Care of Our People

As a distributed company, diversity drives our identity. Whether you’re looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life. Your age is only a number. It doesn’t matter if you’re just out of college or your children are; we need you for what you can do.

We strive to have parity of benefits across regions and while regulations differ from place to place, we believe taking care of our people is the right thing to do.

  • Competitive pay based on the work you do here and not your previous salary
  • Health coverage for you and your family in many locations
  • Ability to craft your calendar with flexible locations and schedules for many roles
  • Generous number of vacation days each year
  • Double your charitable giving - We match up to $1500 (or local currency equivalent)
  • Up to 40 hours each year to use toward volunteer projects you love
  • Embracing parenthood with minimum of 16 weeks of parental leave

Different people approach problems differently. We need that. Elastic is an equal opportunity/affirmative action employer committed to diversity, equity, and inclusion. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, pregnancy, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, disability status, or any other basis protected by federal, state or local law, ordinance or regulation.

We welcome individuals with disabilities and strive to create an accessible and inclusive experience for all individuals. To request an accommodation during the application or the recruiting process, please email We will reply to your request within 24 business hours of submission.

Applicants have rights under Federal Employment Laws, view posters linked below: Family and Medical Leave Act (FMLA) Poster; Pay Transparency Nondiscrimination Provision Poster; Employee Polygraph Protection Act (EPPA) Poster and Know Your Rights (Poster)

Please see here for our Privacy Statement.

Tags: Audits C Compliance Monitoring Polygraph Privacy Risk management SOC 1

Perks/benefits: 401(k) matching Career development Competitive pay Equity Flex hours Flex vacation Health care Medical leave Parental leave Transparency

Region: North America
Country: United States
Job stats:  24  2  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.