Job Description / About the role

The security & compliance team at Vendia owns creating and maintaining the highest standards of security and privacy for our customers and partners while enabling innovation. We achieve this by partnering with teams across the company to effectively and efficiently meet the standards we create, and are actively hiring experienced individuals to lead assurance programs integrated with technical and business operations.


As a Compliance Analyst at Vendia, you will conduct system assessments and facilitate audits throughout the enterprise. This role reports to the Director of Security & Compliance and will work closely with leaders across the company. This role will be responsible for the execution of multiple “V1” compliance assurance programs, including assessment and audit execution. It also includes the development of compliance controls and recommendations, and mentoring fellow team members. Successful candidates for this role will display the strong ownership and responsibility necessary to maintain the security and compliance of the company's product and services.

We are a virtual company seeking employees who can operate within +/- 5 hours of the US Pacific Time Zone.

What you’ll do / Responsibilities:

  • Lead the planning, scoping, execution and documentation of internal assessments and external audits. This includes developing, maintaining, monitoring and continuously improving internal controls and policies to protect Vendia systems and data.
  • Perform security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted enterprise, industry, and government standards.
  • Assess, communicate and partner with our business and systems owners to determine security control efficacy, identify solutions within constraints, and facilitate justifiable confidence in the system's security posture.
  • Partner with engineering to automate and optimize evidentiary collection procedures.
  • Operate and contribute to continuous improvement of information security assurance processes and systems.
  • Maintain awareness of changes to regulations, compliance guidelines, assessment methodologies, and emerging tactics, techniques & procedures; recommend proactive changes to controls, policies, and procedures in response to these changes.

Basic Qualifications

  • This role will be Contract to hire.
  • Bachelor's degree or equivalent work experience.
  • 3+ years experience leading data privacy, security and governance regulation programs.
  • 5+ years experience working with internal or external organizations to prepare for, conduct, and manage audits efficiently and effectively, including control testing, security standards / policy implementation, security audits, or security risk management, in programs including SOC2, ISO 27001, PCI DSS, HIPAA, NIST, etc.
  • 5+ years of experience utilizing security relevant tools, systems, and applications in support of the Risk Management Framework (RMF), continuous authorization, and continuous monitoring, e.g.: NESSUS, ACAS, DISA STIGs, SCAP, audit reduction, and HBSS.
  • Proven ability to incorporate lessons learned into the continuous process improvement cycle driving increased assurance effectiveness and efficiency.
  • Proven analytical thinking, attention to details, and exceptional program management.
  • Strong written and verbal communication skills.

Preferred Skills and Experience:

  • Strong understanding of security program and control frameworks, assessment methodologies, and practices, e.g. NIST RMF, NIST CSF, ISO 27001, 800-53(a), 800-171(a), CMMC, CNSSI 1253, 800-137, PCI, HIPAA, GDPR, CUI, ITAR, EAR, Cardholder Data, etc.
  • Security certifications such as CISSP, CISM, CISA, GSNA or equivalent certification.
  • Prior experience leading or managing security audits at a SaaS/Cloud company or as a Security Auditor at an audit firm.

About Vendia

Vendia’s business blockchain facilitates secure, trusted, and controlled data exchange between multiple parties so enterprises can automate and accelerate data workflows across business networks. Some of the world’s biggest brands are already leveraging Vendia to bring strategic partners together and quickly build data applications that unlock revenue, innovation, and cost savings.

Vendia is a rapidly growing, minority-owned startup headquartered in San Francisco and Seattle, backed by $50M in investment from top-tier investors. Vendia was founded by industry veterans, Dr. Tim Wagner, the inventor of Lambda serverless computing at Amazon Web Services and VP of Engineering at Coinbase, and Shruthi Rao who led go-to-market of Serverless and Blockchain at Amazon Web Services. 

We embrace remote workers but also love interactive development. Our culture is dynamic, with a focus on rapid, iterative delivery and continuous learning from customer engagements. Most importantly, we are a "succeed or fail together" company - everyone here plays nicely with each other, a culture we’ve enshrined in our Kind Humans Policy, and a key requirement for all job applicants.


Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Vendia’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.


If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, or multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.