Information Security Analyst

Summary

Join Typeform's Information Security team as an Information Security Analyst and help shape and execute our security and compliance strategy. You will support compliance frameworks such as ISO/IEC 27001, SOC 2, HIPAA, and GDPR, manage risk, and embed security practices in daily operations. Collaborate with various teams across the organization to ensure security remains a top priority. This role offers opportunities for growth and ownership of operational security work while contributing to strategic initiatives. You will work with compliance automation platforms and support internal audits and assessments. The ideal candidate possesses experience in information security, risk management, or compliance, preferably in a SaaS environment.

Requirements

• Experience in information security, risk management, or compliance, preferably in a SaaS environment
• Understanding of security frameworks such as ISO/IEC 27001, SOC 2, HIPAA, and GDPR
• Experience with security compliance automation tools (e.g., Vanta, Drata, or similar platforms)
• Ability to work collaboratively with multiple teams, balancing compliance requirements with business needs
• Strong problem-solving skills and attention to detail
• Excellent communication skills with the ability to engage with stakeholders across different departments
• Self-driven mindset with a desire to own and improve security operations over time

Responsibilities

• Support and manage Typeform’s compliance programs, including ISO, SOC 2, and HIPAA
• Assist in third-party risk assessments, vendor security reviews, and customer security inquiries
• Work closely with Vanta (our compliance automation platform) to manage security workflows and maintain compliance frameworks
• Collaborate with GTM teams (Sales, CS, and Legal) to ensure security compliance in customer engagements
• Monitor and support operational security processes, ensuring requests from internal teams are addressed efficiently
• Track and report on security metrics, identifying opportunities for continuous improvement
• Support internal audits and assessments to maintain and expand our compliance certifications
• Work with cross-functional teams (R&D, IT, and People) to embed security best practices across the organization

Preferred Qualifications

• Previous experience in a SaaS or cloud-first organization
• Understanding of security in cloud environments (AWS, GCP, Azure)
• Certifications such as CISA, CISSP, or ISO 27001 Lead Auditor/Implementer
• Experience with third-party vendor risk management
• Experience supporting sales and customer success teams with security-related requests