Stack Overflow empowers the world to develop technology through collective knowledge. More than 100 million people visit Stack Overflow every month, making it one of the most-visited websites in the world.
Best known for its public platform, Stack Overflow helps people find the answers they need, when they need them. That includes serving up relevant technologies to the community through Stack Overflow Advertising, providing direct access to technology-specific subject matter experts with Collectives™, sharing more about companies as future employers, and helping teams scale with its market-leading knowledge sharing and collaboration platform, Stack Overflow for Teams.
As our Senior Compliance Analyst, your job is to maintain and improve the Information Security & Privacy Management System (ISPMS) that keeps our customers’ information safe. You’ll work directly with the Senior Director of Information Security and other lines of business to evaluate risk and make decisions that will drive the business forward.
What you’ll do:
- Assist in ISO 27001/27701, GDPR, and SOC2 compliance activities including risk assessments, scoping, planning, testing, deficiency analysis, and reporting
- Assist in the preparation of the annual internal audit and risk assessment
- Assist with periodic ISPMS Committee reporting
- Assist in project and system implementation reviews
- Recommend improvements to process and controls
- Monitor implementation of agreed-upon controls or activities
- Coordinate with external auditors and control owners on audit-related matters
- Perform data analytics to support operational audits and the ISPMS/ISMS
- Perform special audit projects as requested by management
- Build positive relationships across all lines of business at all levels to effectively deliver audit solutions and contribute directly to business success
- Ensure the production and maintenance of detailed security documentation and the ISPMS
- Accommodate ad-hoc support activities, if requested, for other internal customers or external compliance activity
- Review and manage security risk and threat assessment
- Keep up to date with the latest security and technology developments
What we’re looking for:
- Bachelor’s degree in a related field
- CISA, CISSP, CPA certifications a plus
- 5 years minimum relevant experience
- Software/SaaS or Technology industry experience with subscription and professional services revenue
- Experience with internal control concepts and frameworks (COSO, COBIT, ITGC, SOC2, ISO 27001/27701)
- Experience in testing of business processes, IT General Controls, IT Application controls and key reports
- Experience facilitating multiple team members on concurrent projects
- Excellent verbal and written communication skills; ability to clearly and concisely interface with all levels of the organization
- Strong leadership skills, high EQ, and proactive problem-solving approach
- Strong multi-tasking skills; organized, with great attention to detail
- Experience with ZenGRC or equivalent tool
- Experience in auditing software-as-a-service providers is a plus
Our ecosystem includes:
- Google Suite
- Cisco and Meraki Networking Gear
- Bash, Python, PowerShell
- Windows and Linux servers
- Mac and PC laptops
- Workspace One and Carbon Black
What You’ll Get in Return:
- Competitive Base Salary between $120,000 and $150,000
- Generous paid vacation
- Generous parental leave (16 weeks at 100% pay), family care leave, and unlimited sick days
- Equity for all employees at all levels
- Industry-leading health benefits that are applicable per country of residence for all our full-time employees
- Company-paid Life Insurance
- Health & wellness stipend
- Home Internet stipend
- Professional allocation for your growth and development
- Company-paid access to Calm, Bravely, LinkedIn Learning, and Overdrive
If your role is not located in one of our offices, we’ll reimburse you up to $2,000 to set up a great home office. You will also receive an additional $400 allowance for your home office setup on each anniversary date.
We’re a remote-friendly team. Whether you work remotely or work in one of our offices, you’ll be part of a team culture that emphasizes online communication (Slack, GitHub, Hangouts, Zoom, Stack Overflow for Teams).
We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.
For job positions in San Francisco, CA, and other locations where required, we will consider employment for qualified applicants with arrest and conviction records.
Diverse teams build better products.
Legally, we need you to know this:
Stack Exchange, Inc. does not discriminate in employment matters on the basis of race, color, religion, gender, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, disability, or any other protected class. We support workplace diversity.
But we want to add this:
We strongly believe that diversity of experience contributes to a broader collective perspective that will consistently lead to a better company and better products. We are working hard to increase the diversity of our team wherever we can and we actively encourage everyone to consider becoming a part of it.