Security Compliance Analyst

Remote - US / General & Administrative – Information & Security
At Rollbar, our mission is to help developers build software quickly and painlessly. We are a ~70-person team based in San Francisco, Barcelona, and Budapest. Over 100,000 developers use our product to innovate faster and decrease time to market while maintaining a best-in-class customer experience. Rollbar is used by some of the best engineering teams in the world, including Twilio, Salesforce, Zendesk, Affirm, and Twitch.

The Security and Compliance team is charged with designing, evaluating, implementing, and improving Rollbar’s Information Security Management System. As a Security Compliance Analyst, you will work to assure Rollbar’s software systems, processes, and infrastructure meet the highest security standards and conform to applicable frameworks and regulations so that customer information remains safe and secure. You will become a subject matter expert in Security Governance, Risk, and Compliance at Rollbar.

You will:

    • Collaborate with cross-functional teams to support Rollbar’s security compliance projects including audit evidence collection (e.g. SOC 2, ISO 27001, HIPAA)
    • Assist with security and compliance training (e.g. HIPAA, security awareness, developer security)
    • Contribute to answers for security questionnaires and inquiries (e.g. CAIQ, VSA, SIG)
    • Complete vendor security onboarding (and recurring) assessments and monitoring
    • Coordinate vulnerability management and remediation (e.g. pen test, vulnerability scans, responsible disclosure)
    • Communicate progress, escalations, and issue resolution to management and team members
    • Participate in risk assessment, tracking, and treatment
    • Consult on the security compliance requirements for new security controls
    • Engage in continual improvement of security and compliance programs including ongoing operational requirements

You have:

    • 4+ years of security compliance or audit related experience in a SaaS company
    • Knowledge of computer and network security, authentication, security controls, and GCP (or AWS)
    • Ability to easily translate compliance requirements into an actionable plan
    • Solid understanding and experience in performing information security risk assessments
    • SOC 2, ISO 27001, or HIPAA auditing or implementation experience

Bonus points:

    • Lead Implementer (or other audit certifications)
    • CISA, CISSP, or CISM certification (or willingness to complete certification)

Benefits and perks:

    • Rapid career growth opportunities
    • Competitive salary and stock options
    • Medical, dental, and vision insurance
    • Parental leave - 12 weeks
    • Generous hardware and software allowance
    • Remote work environment
    • Inclusive team-oriented culture
    • Have fun while making an impact