Security Compliance Analyst

Figma

💵 $122k-$215k
📍 Remote - United States

Job highlights

Summary

Join Figma's growing team as a Security Compliance Analyst and help manage the audit certification lifecycles for compliance initiatives. You will drive certification roadmaps based on customer needs, ensuring timely delivery of assessments. This role offers the chance to enhance efficiencies, streamline processes, and strategically scale compliance programs. You will maintain existing certifications, serve as a subject matter expert, conduct gap assessments, and improve operational activities. The ideal candidate possesses 3+ years of relevant experience and familiarity with various security compliance frameworks. Figma offers a competitive compensation package and benefits.

Requirements

  • 3+ years of security compliance or IT compliance experience
  • Worked with various security compliance frameworks (including ISO 27001, SOC 2, and NIST)
  • Familiarity with cloud computing/architecture such as AWS
  • Conducted compliance gap assessments and worked cross-functionally to remediate any identified issues
  • Led or supported external audits

Responsibilities

  • Maintain existing Security Compliance Certifications and Frameworks (i.e. SOC 2 Type II, ISO 27001)
  • Serve as a subject matter authority for applicable compliance standards and be a valued partner to the business and engineering teams in the implementation of the standards
  • Gap assess new in-scope tools and new hosting regions/environments against existing controls and processes
  • Help drive and improve Annual Operational Activities (i.e. Quarterly Privileged User Access Reviews)
  • Implement and mature controls that scale and do not burden teams
  • Refine Figma's Common Control Framework through control rationalization efforts
  • Configure compliance automation tooling to help achieve continuous monitoring and automated evidence collection for external audits
  • Communicate progress, customer concerns, and issue resolution to management and team stakeholders
  • Align changes made to existing controls and processes to the Information Security and Data Privacy Policies

Preferred Qualifications

  • Planned, coordinated, and prioritized multiple sophisticated projects to completion
  • Experience with control rationalization and drafting control narratives
  • Demonstrated experience establishing work relationships across multi-disciplinary teams (including Security, Engineering, Legal, IT, and HR)

Benefits

  • Health, dental & vision
  • Retirement with company contribution
  • Parental leave & reproductive or family planning support
  • Mental health & wellness benefits
  • Generous PTO
  • Company recharge days
  • A learning & development stipend
  • A work from home stipend
  • Cell phone reimbursement
  • Sales incentive pay for most sales roles
  • Equity
