Compliance Analyst

San Francisco /
Technology, Security and Compliance /
Incode is looking for a Compliance Analyst to join our fast growing Technology, Security and Compliance team.

This is a GRC role, and this person will report to the Head of Information Security and work alongside multiple departments. This role will provide internal support for Incode's Security, Privacy, and Compliance policies, as well as, auditing and testing programs, and other key Compliance and Privacy initiatives. Our ideal candidate will be comfortable in a fast-paced startup environment.

Location flexible: Atlanta, San Francisco, and Mexico City are options

What You'll Be Doing

    • Work with leaders across all departments to help navigate through security control compliance standards and privacy by design (such as SOC2, ISO 27001, HIPAA, GDPR, and CCPA)
    • Respond to and help build efficient processes around security, legal, and privacy related requests, data subject requests, contracts, and questionnaires from existing customers and prospects
    • Track the latest technical security, compliance, and privacy innovations and stay up to date with the latest cyber security and compliance technologies
    • Drive change projects and build new capabilities that support a secure and compliant environment
    • Effectively communicate and educate Incode employees from all functions on the purpose and vision of our security, compliance, and privacy strategies
    • Create and implement a strategy for the development of compliance and privacy technologies, policies, and practices to secure protected and sensitive data while ensuring information security and compliance with applicable regulations
    • Write and test internal Security, Privacy, and Compliance related whitepapers, policies, and procedures
    • Advise senior leadership by identifying critical Privacy and Compliance issues and recommending risk-reduction solutions
    • Liaise with outside parties during third party audits, privacy risk assessments, and DPIAs.
    • Participate and represent Incode in Security and Compliance related inquiries from prospective customers and vendors
    • Work with Engineering on developing a processes for DPIA, privacy, and compliance assessments
    • Develop and roll out practical, effective internal training programs around Security, Privacy, and Compliance across the company
    • Collaborate with Marketing on how to best share Incode Security, Privacy, and Compliance policies externally

What You Should Have

    • Been a key member in a compliance program for a SaaS company in frameworks such as SOC2, HIPAA, GDPR, PCI, ISO 27001
    • Minimum of 5 years of experience in a combination of Privacy Compliance, Risk management, Information Security, and Information Technology fields
    • Able to communicate and collaborate with leadership as the subject matter expert in Privacy and Compliance, while putting threats and incidents into business context
    • Significant experience in developing Privacy, Compliance, and Information Security policies and procedures, as well as successfully executing programs that meet the objectives of the business
    • Extensive experience in dealing with internal / external auditors
    • Ability to create effective, practical, and ethical policies and procedures that address compliance controls
    • Self-driven and high attention to detail
    • Familiarity with SaaS, PaaS, IaaS providers and their impact and challenges from a compliance perspective
    • Fantastic written and verbal communication skills in English (and Spanish as a plus)
    • Ability to operate in and maintain a fast pace and cadence
    • Authorized to work lawfully in the United States of America or in Mexico as Incode does not engage in immigration sponsorship at this time.
    • CISM, NCSF, CCSP, CISSP, or CISA certifications
    • Extensive knowledge of GRC best practices for SaaS organizations
    • Familiarity with security standards (SOC 2, ISO 27001, HITRUST, and NIST 800) as well as privacy laws (CCPA and GDPR)
Incode Technologies is an identity company that builds secure, top-rated solutions for frictionless banking, hospitality, and retail experiences. Incode sets a new standard in convenience and security in order to enhance customer experiences while validating and protecting the user’s identity. Incode has developed one of the world’s fastest facial recognition technology running on the edge, as recognized by the National Institute of Standards and Technology. Incode’s anti-spoofing technology, LiveBeam, doesn’t require any user interaction and is the first passive facial liveness system in the world to achieve Level-1 certification for NIST iBeta Presentation Attack Detection (PAD) testing.  The company’s web and mobile solutions are adopted globally for a variety of applications, including onboarding, identity & ID verification, and transaction validation by some of the world’s largest financial institutions, governments, and retailers.

Founded in 2015 by a passionate serial-entrepreneur and a group of hard-working individuals, we seek out people from diverse backgrounds and encourage them to take risks and approach new challenges unconventionally. We believe brilliant minds have the power to do great things! We’re a fun-loving, goal-crushing team who are immensely proud to be part of a common goal: to map the identity of humankind. Headquartered in San Francisco, the company operates globally with additional offices in Latin America and Europe.

More about us:
Incode Welcome 
Incode Hello 
Incode Greet 
Incode Facepay

We look forward to learning more about you!