Senior Analyst, Risk & Compliance (Remote US)

Location: Remote, United States | Team: Security Engineering

Role Type: Full-Time Employee (Individual)

Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the understanding and management of experience for candidates, customers, employees, patients, citizens and residents.  

We are more than a software company. We want to be known as a company that does the right thing, no matter the challenge or controversy. We are committed to creating a culture that values every person and every experience. Individual life experiences shape the way we interact with the world, which is why we encourage people to bring their whole selves to work each day. The strength of our global workforce is the most significant contributor to our success. 

We believe: Every Experience Matters. Talent is Everywhere. All Belong Here.

At Medallia, we hire the whole person.


Responsibilities

  • Develop Medallia’s FedRAMP policies and standards in collaboration with internal teams
  • Build and maintain the controls matrix, in alignment with multiple compliance frameworks including SOC 2, ISO 27001, FedRAMP and HIPAA
  • Coordinate all aspects of maintaining Medallia’s FedRAMP Authority to Operate (ATO), including day-to-day operations and tactical execution of the FedRAMP continuous monitoring (ConMon) process
  • Own the annual FedRAMP assessment process, educating control owners on control responses and on integrating those controls into their day-to-day processes
  • Prepare compliance reports, identify issues and escalate through proper governance channels as needed
  • Support key business initiatives by identifying security and compliance related risks
  • Collaborate with teams across Medallia, validate that security controls are implemented and develop recommendations to remediate control deficiencies
  • Lead the security review component of vendor governance
  • Prepare status reports and updates for senior leadership
  • Develop employee-facing technical documentation, internal wiki pages and periodic security-oriented communications to raise awareness of Information Security policies and standards
  • Respond to RFPs and client questions about security
  • Update the POA&M spreadsheet monthly and prepare summary PowerPoint reports of the previous month’s vulnerabilities and remediations for our government sponsor
  • Meet quarterly with additional government customers and deliver product updates in collaboration with the Product Manager and Sales
  • Develop content (PowerPoint) to share with internal teams at meetings

Minimum Qualifications

  • 5+ years of experience working with technology governance, internal controls and compliance activities, including IT audit, ISO 27001/27017/27018, SOC 2, HIPAA, FedRAMP, HITRUST and data privacy laws and regulations.
  • Experience working with modern cloud Software-as-a-Service (SaaS) platforms.
  • Excellent written and oral communication skills with an ability to effectively communicate security topics to a variety of audiences.

Preferred Qualifications

  • Experience executing technology risk assessment methodologies and familiarity with audit testing and relevant documentation standards.
  • Strong leadership capabilities, a collaborative attitude and the motivation to work in a fast-paced startup environment.
  • Ability to analyze and articulate governance and compliance trends and program requirements.
  • Big 4 experience and industry certifications such as CISA, CISSP, CISM, PMP or CRISC are a plus.
  • Ability to work closely with people at all levels of the organization and facilitate the implementation of corrective action as needed.

At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is proud to be an equal opportunity workplace and is an affirmative action employer. Equal opportunity is afforded to all qualified applicants and employees. We do not discriminate on the basis of gender identity or expression, race, ethnicity, religion, national origin, age, sex, marital status, physical or mental disability, Veteran status, sexual orientation, and any other protected category. We also consider all qualified applicants regardless of criminal histories, consistent with legal requirements. 

Medallia is committed to working with and providing reasonable accommodation to applicants with disabilities in accordance with the Americans with Disabilities Act and local disability laws.

For information regarding how Medallia collects and uses personal information, please review our Privacy Policies.

Apply Today