Cresta

Compliance Analyst

Cresta

full-time

Posted on:

Location Type: Remote

Location: Remote • 🇺🇸 United States


Salary

💰 $140,000 - $175,000 per year

Job Level

Mid-Level, Senior

Tech Stack

AWS, Azure, Cloud, Google Cloud Platform

About the role

  • Lead and manage all customer-facing security conversations, partnering cross-functionally to ensure timely resolution of issues and seamless execution of the security review lifecycle within sales deals.
  • Perform risk assessments to identify gaps, come up with recommendations, and drive the gaps to remediation.
  • Streamline and lead SOC 2 Type II, ISO 27001/27701/42001, PCI-DSS, TISAX and HIPAA audit processes.
  • Perform internal audits and keep the necessary documentation updated as required for audits.
  • Perform gap assessments against new regions and target industry markets to keep the company compliant with applicable regulations as it expands.
  • Conduct new-hire and annual security awareness training to educate personnel and reiterate security and compliance requirements.
  • Oversee and continuously improve the vendor risk management framework, ensuring effective identification, assessment, and mitigation of third-party risks.
  • Establish metrics to track compliance program effectiveness and to report risk.
  • Interface with both technical (Engineering/Product) and non-technical (Sales/Marketing/Customer Success) teams.
  • Respond to customer RFIs, questions, audits and technical documentation requests.
  • Help build our common control framework and drive adoption of the framework within the organization.
  • Build and automate processes to achieve continuous compliance over the technology control environment.
  • Assist with sales and marketing materials representing product security and compliance.

Requirements

  • 4+ years of experience in security governance, IT audit, or security compliance management
  • 3+ years of program management, with experience influencing technology decisions
  • End-to-end experience going through SOC 2 Type II, HITRUST, HIPAA, TISAX, ISO 27001/27701/42001, FedRAMP, and PCI-DSS external audits
  • Experience in a hands-on technical role, with basic understanding of software implementation and integration
  • Experience with cloud environments on AWS, GCP, Azure
  • A track record of building relationships and credibility with business leads, external partners, and regulators through collaborative and independent programs
  • Experience managing competing efforts and requirements
  • Experience with fast-growing cloud native SaaS start-ups

Benefits

  • Comprehensive medical, dental, and vision coverage with plans to fit you and your family
  • Flexible PTO to take the time you need, when you need it
  • Paid parental leave for all new parents welcoming a new child
  • Retirement savings plan to help you plan for the future
  • Remote work setup budget to help you create a productive home office
  • Monthly wellness and communication stipend to keep you connected and balanced
  • In-office meal program and commuter benefits provided for onsite employees

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

security governance, IT audit, security compliance management, risk assessments, SOC 2 Type II, ISO 27001, ISO 27701, PCI-DSS, HITRUST, FedRAMP

Soft skills

program management, relationship building, collaboration, independent program management, communication, problem-solving, organizational skills, training and education, vendor risk management, metrics establishment