Security & Compliance Analyst

Remote - US / Compliance & Security / Full Time

At FortressIQ we’re developing process cognition technologies that understand how businesses operate. We’re improving people’s work lives by helping to automate routine tasks, allowing them to focus on higher value work and more meaningful interactions. We’re applying the latest advances in computer vision and machine learning to deliver the insights and tools businesses need to empower the digital workforce.

We’ve built the first AI platform that can understand a company’s workflows through simple observation, dramatically improving their organizational understanding. If you’re interested in designing and building a new category of business tools, and radically improving operations for some of the largest companies in the world, join us.

This is an exciting opportunity to join the hottest sector in technology as an individual contributor in a well-funded AI startup, contributing to the company objectives and delivering value to all stakeholders, including internal and external customers, regulators, partners, auditors and investors.

The Role

    • The purpose of the position is to help deliver Trust to stakeholders, by interacting with all stakeholders (primarily customers and partners), but also by contributing to other key aspects of the Security and Compliance organization. This will directly impact our ability to sell the product and to respond to and manage risks.
    • This role is within the Security and Compliance department and works across all departments.
    • The primary responsibility is to deliver Trust to external customers by being the interface between customer security teams, clients and partners as well as our internal SMEs.
    • Training will be provided on our product, security and compliance posture and portfolio.
    • As this is the early days of a startup, multiple hats will be required, at times with an all-hands-on-deck approach - this is a fantastic longer-term opportunity for growth, both personally and professionally. There is potential for the successful applicant to be promoted in time, with their own team resources, as the business needs and strategy dictate.

What You'll Accomplish

    • Support the sales process by answering questions and formal questionnaires from customers and partners, providing security and compliance documentation as needed (30-60%)
    • Contribute by updating, writing and drafting documentation of processes and procedures, policy work, automating tasks where required or bringing in supporting tooling (10%)
    • Support Audit processes; gathering evidence and validating ongoing compliance (30%)
    • Backup support to Director position for various Security & Compliance work such as (rarely) Incident Response, Exercises as mandated by certifications, Team communications, PTO cover (10%)
    • Other Security and Compliance tasks may be required from time to time.

What You'll Need

    • Degree(s) in IT and at least one relevant Industry certification, e.g. CISSP or ISACA or similar related cert
    • 2 years minimum of experience post-tertiary education
    • Experience answering customer due diligence and third party risk questionnaires
    • Experience with providing evidence for Audits (internally and externally)
    • Experience with Compliance and Security Policy work and related documentation
    • Experience working across multiple internal departments, proven track record of delivering results to multiple stakeholders
    • Experience working with GRC/Integrated Risk systems, ticketing systems, ideally Clubhouse and similar (Atlassian suite is acceptable)

Bonus Points!

    • Experience with Privacy, PCI, HIPAA, ISO concepts, requirements and DPIA and related risk assessments
    • Vulnerability Management - tooling, reporting, analysis
    • DR/BC and Incident Response experience

About FortressIQ

FortressIQ defines security, insights and governance in enterprise business automation and AI. Based in San Francisco, and backed by Lightspeed Ventures and some of the other best names in venture capital, we’re building the defining platform for managing automation within the Global 2000.

We believe that algorithms and bots work best when they’re managed like employees: given the tools they need to succeed while being held to clear standards of success. Our mission is to help this new ‘digital workforce’ thrive within the enterprise by addressing the security, compliance and data problems endemic to using today’s automation platforms at scale.