Senior Analyst - Governance, Risk and Compliance

October 4, 2024


Formstack

Formstack is a workplace productivity platform that helps organizations digitize information, automate workflows, and optimize processes without requiring coding skills. It provides tools for building online forms, generating documents, and facilitating electronic signatures. Integrated seamlessly with CRMs and other business systems, Formstack enables data collection, management, and analysis, enhancing data integrity and reducing manual task dependency. With its robust suite of solutions, Formstack serves over 32,000 organizations across industries such as healthcare, finance, and education, while also offering specialized tools for Salesforce users.

online order forms • contact forms • surveys • event registrations • nonprofits

201 - 500 employees

Founded 2006

☁️ SaaS

⚡ Productivity

🤝 B2B

💰 $425M Private Equity Round on 2021-11

📋 Description

• Lead and manage Formstack’s compliance initiatives related to regulations such as HIPAA, SOC 2, GDPR, ISO 27001, PCI-DSS, CCPA, and others.
• Collaborate with internal teams (product, legal, IT, and engineering) to develop, implement, and maintain Formstack’s security policies, controls, and procedures.
• Perform risk assessments and conduct security audits across departments to ensure compliance with regulatory and industry standards.
• Assist in the preparation and facilitation of external audits and certifications (e.g., SOC 2 audits, ISO 27001 certification processes).
• Maintain and enhance Formstack's risk management framework, including the identification, assessment, and mitigation of operational, legal, and regulatory risks.
• Monitor security compliance trends, changes in regulatory requirements, and new compliance frameworks relevant to Formstack’s operations.
• Develop, maintain, and update internal documentation, including security policies, standards, and guidelines, to ensure they reflect current regulatory requirements and best practices.
• Manage the vendor risk management program, including the review and monitoring of vendor compliance with Formstack’s security standards.
• Support security awareness training programs across the organization to ensure that all employees are knowledgeable about GRC policies.
• Provide guidance on governance initiatives and best practices to help improve organizational alignment with compliance and risk management standards.
• Ensure incident response plans and business continuity plans are up to date and regularly tested through internal tabletops.
• Collaborate on data privacy initiatives and ensure that Formstack’s practices align with privacy regulations like GDPR and CCPA.
• Act as a liaison between external regulatory bodies, auditors, and internal teams.

🎯 Requirements

• 5+ years of experience in Governance, Risk, and Compliance (GRC) or a related field, ideally within a SaaS, technology, or healthcare-related environment.
• Strong knowledge of industry standards and frameworks, including NIST, SOC 2, or ISO 27001.
• Demonstrated experience conducting risk assessments, security audits, and managing compliance projects.
• Hands-on experience with cloud security and compliance in environments like AWS.
• Strong understanding of cybersecurity principles.
• Experience with third-party vendor risk management and compliance monitoring.
• Excellent written and verbal communication skills, with the ability to translate complex regulatory requirements into actionable guidance.
• Ability to work cross-functionally with legal, IT, and engineering teams.
• Strong organizational skills, attention to detail, and the ability to manage multiple projects in a fast-paced environment.

Bonus Points:

• Bachelor’s degree in a relevant field (e.g., Information Security, IT, Business, Law, Engineering).
• Certifications such as CISSP, CISA, CISM, or CRISC.
• Familiarity with frameworks such as COBIT or ISO 31000.
• Experience in the technology or SaaS industry, with a focus on product compliance.
• Knowledge of secure software development practices and DevSecOps.
• Experience working in an agile or DevOps environment.
• Strong knowledge of industry standards and frameworks, including HIPAA, GDPR, PCI-DSS and CCPA.
