Job Description / About the role
The security & compliance team at Vendia owns creating and maintaining the highest standards of security and privacy for our customers and partners while enabling innovation. We achieve this by partnering with teams across the company to effectively and efficiently meet the standards we create, and are actively hiring experienced individuals to lead assurance programs integrated with technical and business operations.
As a Compliance Analyst at Vendia, you will conduct system assessments and facilitate audits throughout the enterprise. This role reports to the Director of Security & Compliance and will work closely with leaders across the company. This role will be responsible for the execution of multiple “V1” compliance assurance programs, including assessment and audit execution. It also includes the development of compliance controls and recommendations, and mentoring fellow team members. Successful candidates for this role will display the strong ownership and responsibility necessary to maintain the security and compliance of the company's product and services.
We are a virtual company seeking employees who can operate within +/- 5 hours of the US Pacific Time Zone.
What you’ll do / Responsibilities:
- Lead the planning, scoping, execution and documentation of internal assessments and external audits. This includes developing, maintaining, monitoring and continuously improving internal controls and policies to protect Vendia systems and data.
- Perform security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted enterprise, industry, and government standards.
- Assess, communicate and partner with our business and systems owners to determine security control efficacy, solutions within constraints, and facilitate justifiable confidence in the system's security posture.
- Partner with engineering to automate and optimize evidentiary collection procedures.
- Operate and contribute to continuous improvement of information security assurance processes and systems.
- Maintain awareness of changes to regulations, compliance guidelines, assessment methodologies, and the emerging tactics, techniques & procedures; recommend proactive changes to controls, policies, and procedures in response to these changes.
- This role will be Contract to hire.
- Bachelor's or equivalent work experience.
- 3+ years experience leading data privacy, security and governance regulation programs.
- 5+ years experience working with internal or external organizations to prepare for, conduct, and manage audits efficiently and effectively, including control testing, security standards / policy implementation, security audits, or security risk management, in programs including SOC2, ISO 27001, PCI DSS, HIPAA, NIST, etc.
- 5+ years of experience utilizing security-relevant tools, systems, and applications in support of the Risk Management Framework (RMF), continuous authorization, and continuous monitoring, e.g.: NESSUS, ACAS, DISA STIGs, SCAP, audit reduction, and HBSS.
- Proven ability to incorporate lessons learned into the continuous process improvement cycle driving increased assurance effectiveness and efficiency.
- Proven analytical thinking, attention to detail, and exceptional program management.
- Strong written and verbal communication skills.
Preferred Skills and Experience:
- Strong understanding of security program and control frameworks, assessment methodologies, and practices, e.g. NIST RMF, NIST CSF, ISO-27001, 800-53(a), 800-171(a), CMMC, CNSSI 1253, 800-137, PCI, HIPAA, GDPR, CUI, ITAR, EAR, Cardholder Data, etc.
- Security certifications such as CISSP, CISM, CISA, GSNA or equivalent certification.
- Prior experience leading or managing security audits at a SaaS/Cloud company or as a Security Auditor at an audit firm.
Vendia’s business blockchain facilitates secure, trusted, and controlled data exchange between multiple parties so enterprises can automate and accelerate data workflows across business networks. Some of the world’s biggest brands are already leveraging Vendia to bring strategic partners together and quickly build data applications that unlock revenue, innovation, and cost savings.
Vendia is a rapidly growing, minority-owned startup headquartered in San Francisco and Seattle, backed by $50M in investment from top-tier investors. Vendia was founded by industry veterans, Dr. Tim Wagner, the inventor of Lambda serverless computing at Amazon Web Services and VP of Engineering at Coinbase, and Shruthi Rao who led go-to-market of Serverless and Blockchain at Amazon Web Services.
We embrace remote workers but also love interactive development. Our culture is dynamic, with a focus on rapid, iterative delivery and continuous learning from customer engagements. Most importantly, we are a "succeed or fail together" company - everyone here plays nicely with each other, a culture we’ve enshrined in our Kind Humans Policy, and a key requirement for all job applicants.