Who We Are
Having surpassed $300M ARR and continuing to grow, AuditBoard is the leading audit, risk, ESG, and InfoSec platform on the market. More than 50% of the Fortune 500, including 7 of the Fortune 10, leverage our award-winning technology to move their businesses forward with greater clarity and agility. And our customers love us: AuditBoard is top-rated on G2.com and Gartner Peer Insights.
At AuditBoard, we inspire each other to innovate and are proud of what we are producing. We spend each day thinking of new ways to help our customers and contribute to the greater good of our company and our surrounding communities. We are all about assisting each other and breaking through barriers to create the most loved audit, risk, ESG, and InfoSec platform by our customers. This is how we have become one of the 500 fastest-growing tech companies in North America for the sixth year in a row, as ranked by Deloitte!
AuditBoard is looking for an experienced Compliance Analyst to enhance the strategic pillars of a security compliance program and facilitate day-to-day compliance operations. This individual will be involved in multiple areas of the business where compliance and security impact our operations (e.g. Awareness & Training, Policy Management, Control Testing & Monitoring, Continuity Testing Facilitation, and Management of Compliance Standards). This role will require the individual to have a foundational understanding of GRC concepts and how those concepts pertain to multiple departments across the business.
This position will have visibility and interaction with the security, IT, engineering, legal, and other cross-functional teams at AuditBoard. This person will work on assignments that are complex in nature and require professional skepticism, judgment, initiative, and knowledge of common SaaS Company positions to resolve problems and/or develop recommended solutions.
This position reports to the Director of Information Security Compliance and is a perfect role for someone who is passionate about building compliance operations procedures and 2nd line control testing in a fast-paced environment and is an all-around great team player.
Key responsibilities:
Participates in maintaining and evolving the compliance program framework, including designing and developing policies, standards, and procedures.
Facilitates and performs 2nd Line of Defense control testing and validation
Facilitates compliance operations including User Access Reviews, Due Diligence Questionnaires, and Issues Management.
Consults with cross-functional and security teams to implement policies and procedures as well as assess data privacy and security risks, to mitigate potential compliance issues.
Contributes to the maintenance and continuous improvement of the overall security compliance posture of AuditBoard.
Interfaces and collaborates with security and legal teams on compliance issues
Participates in security compliance assessments
Assists in providing responses to customer and vendor questionnaires
Facilitates training, awareness, and communication of security and compliance matters across AuditBoard;
Participates in developing and delivering training programs on security awareness, data handling/protection, and privacy.
Works globally and cross-functionally to translate compliance requirements and principles into a set of common controls and practices
Attributes of a Successful Candidate:
3+ years of experience as a security compliance professional with an in-depth understanding of control objectives, procedures, compliance gap assessments, and evidence collection covering ISO 27001 / 27002, NIST CSF, NIST 800-53, CMMC / NIST 800-171, SOC1 / SOC2, FedRAMP, and common industry standards.
Experience in a B2B SaaS organization
Knowledge and experience with compliance automation tooling and practices / SQL.
Bachelor's degree
Ability and desire to learn new technologies and data flows quickly to help assess security risks and develop appropriate risk mitigation elements
Ability to translate and distill laws and regulatory requirements and legal advice into operational control procedures and policies and provide practical guidance to business units and functions on those requirements
Ability to collect, describe, and display technical information in a way to help decision-making
Participates in industry security organizations and associations to learn emerging trends and best practices
Experience in collaborating among cross-functional and global teams with the ability to drive and manage multiple simultaneous projects
Experience developing security and ELC controls and communicating them to business stakeholders.
Excellent verbal and written communication skills
Relevant privacy and security certifications such as CISSP, CISM, CISA.
Our Company Values
Customer obsession: Apply relentless focus on listening to and understanding customers as the core of everything we do
Win, together: Drive to be the best while supporting each other’s success
Gritty resilience: Thrive in a fast-paced and dynamic environment, balancing immediate priorities with big-picture strategic goals
Personal improvement: Stay eager to share insights, seek feedback, and continuously learn
Constant innovation: Challenge the status quo and drive improvements
Perks*
Launch a career at one of the fastest-growing SaaS companies in North America!
Live your best life (LYBL)! $200/mo for anything that enhances your life
Comprehensive employee health coverage (all locations)
401K with match (US) or pension with match (UK)
Competitive compensation & bonus program
Flexible Vacation (US exempt & CA) or 25 days (UK)
Time off for your birthday & volunteering
Employee resource groups
Opportunities for team and company-wide get-togethers!
*perks may vary based on eligibility/location
Please note that background checks are required. Qualified Applicants with arrest or conviction records will be considered for Employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. This role may have access to highly sensitive data, including employee data, customer data, company financials, and proprietary product information.
We love building strong partnerships, but please note that AuditBoard cannot accept unsolicited resumes from agencies. Any submissions without a signed agreement in place will not create a fee obligation.
#LI-Remote
