Middesk

Information Security Associate

full-time

Location Type: Hybrid

Location: New York City, New York, United States


Salary

$90,000 - $120,000 per year

About the role

  • Own Middesk’s trust and compliance platform (currently Vanta), including continuous monitoring, evidence collection, and control maintenance.
  • Manage and maintain compliance with frameworks and assessments such as SOC 2, ISO 27001, and external penetration tests.
  • Coordinate with internal teams and external auditors to support audits and assessments end-to-end.
  • Maintain a current and accurate inventory of subprocessors and vendors, with particular focus on access to customer data and PII.
  • Partner with Legal, Ops, and Engineering to assess vendor risk and ensure appropriate controls and contractual safeguards are in place.
  • Own and respond to due diligence questionnaires (DDQs), security reviews, and trust-related inquiries from customers and partners.
  • Develop reusable artifacts and processes to streamline security and compliance reviews as Middesk scales.
  • Chair Middesk’s internal oversight or security committee, including agenda setting, documentation, and follow-ups.
  • Own the lifecycle of security and compliance policies: drafting, review, approval, rollout, and periodic refresh.
  • Ensure policies are aligned with actual practices and system behavior—not just “paper compliance.”
  • Develop and maintain a strong understanding of Middesk’s data flows, systems, and architecture at a conceptual level.
  • Act as a translator between technical teams (Engineering, Security, Data) and non-technical teams (Legal, Sales, Customer Success, Operations).
  • Identify gaps between how the business operates and how it is represented in compliance artifacts, and drive remediation.
  • Be the internal point of contact for our external IT vendor (or be the person that makes the case that this needs to be brought in-house).

Requirements

  • Experience owning or materially contributing to SOC 2 and/or ISO 27001 programs at a SaaS or data-driven company.
  • Hands-on experience with compliance automation tools such as Vanta, Drata, Delve, or similar.
  • Strong understanding of data protection concepts, vendor risk, and security controls, even if not an engineer by background.
  • Ability to manage multiple stakeholders, deadlines, and ambiguous requirements with good judgment.
  • Clear written and verbal communication skills, particularly with auditors, customers, and internal leadership.
  • Familiarity with privacy frameworks (e.g., GDPR, CCPA) as they intersect with security and vendor management.

Benefits

  • Offers equity