Senior Analyst - Governance, Risk and Compliance

October 4

Apply Now

Receive Emails with Similar Jobs

Formstack

WebsiteLinkedInAll Job Openings

online order forms • contact forms • surveys • event registrations • nonprofits

201 - 500 employees

Founded 2006

☁️ SaaS

⚡ Productivity

🤝 B2B

💰 $425M Private Equity Round on 2021-11

Description

• Lead and manage Formstack’s compliance initiatives related to regulations such as HIPAA, SOC 2, GDPR, ISO 27001, PCI-DSS, CCPA, and others. • Collaborate with internal teams (product, legal, IT, and engineering) to develop, implement, and maintain Formstack’s security policies, controls, and procedures. • Perform risk assessments and conduct security audits across departments to ensure compliance with regulatory and industry standards. • Assist in the preparation and facilitation of external audits and certifications (e.g., SOC 2 audits, ISO 27001 certification processes). • Maintain and enhance Formstack's risk management framework, including the identification, assessment, and mitigation of operational, legal, and regulatory risks. • Monitor security compliance trends, changes in regulatory requirements, and new compliance frameworks relevant to Formstack’s operations. • Develop, maintain, and update internal documentation, including security policies, standards, and guidelines, to ensure they reflect current regulatory requirements and best practices. • Manage the vendor risk management program, including the review and monitoring of vendor compliance with Formstack’s security standards. • Support security awareness training programs across the organization to ensure that all employees are knowledgeable about GRC policies. • Provide guidance on governance initiatives and best practices to help improve organizational alignment with compliance and risk management standards. • Ensure incident response plans and business continuity plans are up to date and regularly tested through internal tabletops. • Collaborate on data privacy initiatives and ensure that Formstack’s practices align with privacy regulations like GDPR and CCPA. • Act as a liaison between external regulatory bodies, auditors, and internal teams.

Requirements

• 5+ years of experience in Governance, Risk, and Compliance (GRC) or a related field, ideally within a SaaS, technology, or healthcare-related environment. • Strong knowledge of industry standards and frameworks, including NIST, SOC 2, or ISO 27001. • Demonstrated experience conducting risk assessments, security audits, and managing compliance projects. • Hands-on experience with cloud security and compliance in environments like AWS. • Strong understanding of cybersecurity principles. • Experience with third-party vendor risk management and compliance monitoring. • Excellent written and verbal communication skills, with the ability to translate complex regulatory requirements into actionable guidance. • Ability to work cross-functionally with legal, IT, and engineering teams. • Strong organizational skills, attention to detail, and the ability to manage multiple projects in a fast-paced environment. • Bonus Points: • Bachelor’s degree in a relevant field (e.g., Information Security, IT, Business, Law, Engineering). • Certifications such as CISSP, CISA, CISM, or CRISC. • Familiarity with frameworks such as COBIT or ISO 31000. • Experience in the technology or SaaS industry, with a focus on product compliance. • Knowledge of secure software development practices and DevSecOps. • Experience working in an agile or DevOps environment. • Strong knowledge of industry standards and frameworks, including HIPAA, GDPR, PCI-DSS and CCPA.