Senior Security and Compliance Analyst

Responsibilities

• Maintain and evolve policies that hold employees accountable to security and privacy best practices, while remaining practical and aligned with Salesloft’s systems and control environment
• Conduct third party risk management activities that evaluate the security posture and controls of third party providers, including the implementation and ongoing use of third-party systems
• Conduct security, privacy and compliance reviews as part of the software development lifecycle for the Salesloft platform
• Work with business stakeholders to ensure security and privacy requirements are adequately considered as part of the development and delivery methodology
• Liaise with third party auditors and internal control owners to ensure the successful completion of attestation and compliance engagements
• Support the automation of cybersecurity risk management programs and reporting capabilities to measure and demonstrate control operational effectiveness
• Work with various departmental control owners to identify, assess, and treat security and privacy risks
• Respond to customer security and compliance inquiries, including customer security and privacy questionnaires, compliance attestations, and discussions on product functionality and its impact on customer environments
• Maintenance of the public facing Salesloft trust portal
• Participate in meetings with customer security, privacy, legal, and IT teams to address detailed security and compliance questions related to the Salesloft platform and security program
• Create and maintain customer-facing materials that streamline the security evaluation process and proactively address common customer concerns
• Ensure Salesloft’s security awareness training program communicates relevant content that results in meaningful learning across the employee base
• Support the responsible adoption of AI by enabling GRC automation and partnering with business teams on AI-driven initiatives, while establishing and maintaining appropriate AI governance, risk controls, and compliance guardrails

Qualifications

• 5+ years of experience auditing and/or maintaining information security controls
• Experience engaging directly with customers as a security subject matter expert
• Working knowledge of ISO 27001, SOC 2 Trust Services Principles, GDPR and other common security standards
• Experience with "defense-in-depth" principles and technology 
• Strong attention to detail and commitment to quality
• Self-driven, autonomous and can contribute to the strategy and roadmap of the team
• Advanced documentation, prioritization and change management skills
• CISA or similar certification