Senior Security Compliance Analyst

Iterable
Summary
Join Iterable's growing security team as a Sr. Security Compliance Analyst! You will play a key role in ensuring Iterable maintains a strong security and compliance posture. This involves conducting risk assessments, assisting with audits (SOC 2, ISO, privacy certifications), managing RFPs and contract reviews, and collaborating with stakeholders across the organization. You will analyze security and privacy risks, provide remediation guidance, and support customer trust initiatives. The ideal candidate possesses strong risk assessment fundamentals, technical aptitude, experience in security and privacy risk assessment, and familiarity with compliance frameworks. Iterable offers a competitive salary, comprehensive benefits, and a supportive work environment.
Requirements
- Working knowledge of risk assessment fundamentals (impact analysis, residual risk, mitigation strategies, etc.)
- Technical aptitude for application and infrastructure vulnerabilities, especially in cloud environments
- Experience assessing and advising on security and privacy risks related to systems, data handling, and infrastructure
- Ability to analyze complex security and privacy issues, identify key risks, and provide clear, actionable recommendations
- Familiarity with industry-standard security and privacy compliance frameworks (ISO, SOC 2, GDPR, CCPA, etc.)
- Strong customer service mindset with the ability to communicate security and privacy risks to internal and external stakeholders
- Experience reviewing contracts, handling RFPs, and addressing security and compliance concerns
- Strong attention to detail with the ability to multitask under tight deadlines
Responsibilities
- Conduct risk assessments to evaluate security, compliance, and operational risks across technical systems, third parties, and business processes
- Engage with stakeholders across the organization to understand business processes, assess risks, and collaboratively determine risk ratings based on impact and likelihood
- Assist with risk governance, working cross-functionally to identify, assess, and remediate security and privacy compliance risks
- Analyze the technical and business impact of identified security and privacy risks, providing clear remediation guidance
- Support compliance activities, including risk assessments, internal and external audits, and evidence gathering (e.g., SOC 2 Type 2, ISO 27001, CBPR, PRP)
- Support customer trust initiatives by managing security and privacy documentation, responding to customer inquiries, reviewing contract security terms, and assisting with RFPs and RFIs to ensure transparency and compliance
Preferred Qualifications
- Professional certifications such as CISA, CISSP, CISM, and/or CIPP
- Familiarity with cloud services such as Amazon Web Services
Benefits
- Paid parental leave
- Competitive salaries, meaningful equity, & 401(k) plan
- Medical, dental, vision, & life insurance
- Balance Days (additional paid holidays)
- Fertility & Adoption Assistance
- Paid Sabbatical
- Flexible PTO
- Monthly Employee Wellness allowance
- Monthly Professional Development allowance
- Pre-tax commuter benefits
- Complete laptop workstation