Risk and Compliance Engineer

Slack

(San Francisco, California)
Full Time
Job Posting Details
About Slack
Slack is a messaging app for teams that is on a mission to make your working life simpler, more pleasant, and more productive. We believe everyone deserves to work in a welcoming, respectful, and empathetic culture. We live by our values and hire accordingly.
Summary
As a member of the Risk & Compliance Team, you understand that building user trust is critical to Slack’s success. You are passionate about privacy and maintaining customer confidence. You have the focus and organization to champion the adoption of sound security practices across all of Slack’s business and engineering teams. You are passionate about learning new legal policy frameworks and building processes to address new regulatory and compliance requirements, and you jump at the chance to use your technical knowledge to answer customer questions. You challenge Slack’s vendors to meet the same high standards we hold ourselves to and help them evolve their security practices to meet our customers’ expectations. You are happy your work directly impacts the way millions of users, teams and businesses get things done.
Responsibilities
* You will develop and maintain various regulatory and compliance attestation and/or certification of Slack’s information security program
* You will modify and raise awareness of internal security policies and practices
* You will improve and maintain the following information security program components:
* You will establish security risk methodology & processes, perform risk assessments, and execute treatment plans
* You will craft compliance documentation and monitor consistency to policies and standards
* You will build and operate a security training & awareness program
* You will assess, document and mitigate vendor-related security risks
* You will partner with operations and IT counterparts to improve network and infrastructure security to better secure customer data
* You will partner with legal and policy counterparts to build policies and artifacts that support information security programs
* You will respond to customer inquiries about Slack’s information security program and compliance status
Ideal Candidate
* You have experience addressing technical policy, compliance and regulatory issues
* You have experience implementing, participating in, or conducting security assessments of compliance programs (e.g.: SOC 2, FedRAMP, ISO 27001, HIPAA, PCI DSS, FINRA, etc.)
* You have the ability to work independently, communicating across multiple time zones
* You have experience working with a broad array of multi-functional partners
* You are familiar with generally-accepted security methods, concepts and techniques
* You understand underlying Slack infrastructure including AWS, LAMP, Chef, JAMF, ELK, etc.
* You use effective communication with great interpersonal and presentation skills, writing well to translate complex issues into simple language that people who are not experts can understand
* You have experience interacting directly with both enterprise and small business customers

**Bonus Points**

* Bachelor’s degree in computer science or equivalent educational or professional experience and/or qualifications
* CISA or CISSP
* 5+ years of information security experience
* 5+ years of experience with information technology audits and assessments
* Excellent time management and related organizational skills
