Senior Risk Analyst (Remote, US)
Medallia’s mission is to help companies win through customer experience. The world’s best-loved brands trust Medallia’s Experience Cloud™, which embeds the pulse of the customer in an organization and empowers employees with the real-time customer data, insights, and tools they need to make every experience great. Named a leader in the most recent Forrester Wave and ranked in the 2018 Forbes Cloud 100 list, Medallia is growing quickly, with a global footprint that spans Silicon Valley, Austin, New York, Washington DC, London, Paris, Sydney, Buenos Aires, Tel Aviv, and Prague. Here, we value people for each of the aspects that make them whole. We believe that people should not be defined only by a job title—nobody is "just an engineer" or "just a salesperson." We are each partners, parents, children, siblings, friends, and former classmates. We have different backgrounds and we celebrate different cultures. And, just like our product, we honor each of the experiences that build our people.
At Medallia we hire the whole person, not just a part of them.
- Enhance and maintain Medallia’s policies and standards in collaboration with internal teams.
- Build and maintain the controls matrix, in alignment with multiple compliance frameworks including SOC 2, ISO 27001/27701/27017/27018, HITRUST and HIPAA.
- Familiarity with Data Privacy regulations (GDPR/CCPA and similar).
- Coordinate IT security governance, risk and compliance activities across the enterprise as well as through Medallia supply chain partners.
- Monitor the performance of the IT Security Compliance Program and of the Supply Chain Risk Management Program and related activities on a continuing basis, and take appropriate steps to improve their effectiveness.
- Support the annual audit process, educating resources about controls responses and integration to their day-to-day processes.
- Prepare compliance reports, identify issues and escalate through proper governance channels as needed.
- Support key business initiatives such as the implementation of DLP and MDM tools by working closely with the CIO organization.
- Collaborate with teams across Medallia, validate that security controls are implemented and develop recommendations to remediate control deficiencies.
- Lead the security review component of vendor governance.
- Prepare status reports and updates for senior leadership.
- Develop employee facing technical documentation, internal wiki pages, periodic security oriented communication to spread awareness about Information Security policies and standards.
- Respond to RFP requests and client questions around security capabilities of Medallia products.
- Content development for newly acquired Medallia companies.
- 5+ years experience working with technology governance, internal controls, and compliance activities including IT Audit, ISO 27001/17/18, SOC 2, HIPAA, FedRAMP, HITRUST and Data Privacy laws and regulations.
- Experience working with modern cloud Software as a Service (SaaS).
- Experience with IT security solutions, including but not limited to DLP, MDM and IAM.
- Excellent written and oral communication skills with an ability to effectively communicate security topics to a variety of audiences.
- Experience in executing technology risk assessment methodologies and familiar with audit testing and relevant documentation standards.
- Strong leadership capabilities, collaborative attitude and motivation to work in a fast paced startup environment.
- Ability to analyze, communicate, articulate governance and compliance trends and program requirements.
- Big 4 Experience and Industry certifications such as CISA, CISSP, CISM, PMP or CRISC is a plus.
- Ability to work closely with people at all levels of the organization and facilitate the implementation of corrective action as needed.
At Medallia, we don’t just accept difference—we celebrate it and recognize the value it brings to our customers and employees. Medallia is proud to be an equal opportunity workplace and is an affirmative action employer. Equal opportunity and consideration are afforded to all qualified applicants and employees. We won't unlawfully discriminate on the basis of gender identity or expression, race, ethnicity, religion, national origin, age, sex, marital status, physical or mental disability, Veteran status, sexual orientation, and any other category protected by law. We also consider all qualified applicants regardless of criminal histories, consistent with legal requirements. Medallia is committed to working with and providing reasonable accommodation to applicants with disabilities in accordance with the American Disabilities Act and local disability laws. For information regarding how Medallia collects and uses personal information, please review our Privacy Policies.