Senior Security Compliance Analyst

at FormAssembly
💰 $115k-$130k
🇺🇸 United States - Remote
🔒 Cybersecurity 🟣 Senior

Job description

This is a full-time senior-level position, open to all US locations (working remotely from home). This position also requires US citizenship and either a CISSP or Security+ certification. This senior-level role serves as FormAssembly’s primary compliance subject matter expert, owning our most critical security certifications and leading cross-functional teams through complex audit cycles. You’ll partner closely with Engineering, IT, Product, Sales, and HR to evaluate controls, escalate risks, and ensure our compliance programs enable continued growth with enterprise and government clients.

About Us:

FormAssembly is a 100% remote, fast-growing SaaS company with teammates all over the world that come together every day to help customers streamline data collection processes. We’re chasing major growth goals year after year, and we’re looking for talented, driven individuals to join our dynamic team.

FormAssembly works with 5,000+ leading companies worldwide to help them collect data quickly and securely, including Amazon, PayPal, Dell, Harvard, and more. We have been recognized in the 2020 Inc. 5000 list of fastest growing private companies for four years in a row, and we are a G2 Crowd Winter 2021 Leader. As we grow rapidly and adapt our product to better serve our impressive roster of customers, we’re also dedicated to fostering community and building relationships with our coworkers.

For a glimpse at what it’s like to work at a SaaS company with 35% year over year growth and teammates from all over the world who live out our core values of transparency, accountability, curiosity, ambition, composure, and kindness, learn about our awesome team and how and why we work remotely.

If you share our core values and want to work together to build something great for our customers, we’d be thrilled to have you apply for this position. FormAssembly is an equal opportunity employer. If you belong to an under-represented group in tech, you’ll find a welcoming culture that thrives on diversity.

  • 5+ years driving security-compliance audits, including FedRAMP, DoD IL2-5, SOC-2, ISO27001, and PCI.
  • Lead compliance initiatives and serve as the primary liaison with assessors and stakeholders.
  • Drive continuous monitoring and control implementation for NIST 800-53 and DoD SRG requirements, acting as the primary contact for government-related initiatives.
  • Ability to work cohesively alongside different teams such as Engineering, IT, Product, and Marketing.
  • Experience with similar frameworks such as EU Cyber Resilience Act (CRA), GDPR, CCPA, and CPRA is a bonus.
  • Experience preparing and presenting status reports and metrics on risk and non-compliance.
  • US Citizenship and active CISSP or Security+ certification

Certifications:

  • Must hold in good standing:

    • CISSP (Certified Information Systems Security Professional) or CompTIA Security+
  • Also beneficial:

    • CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor)
    • CRISC (Certified in Risk and Information Systems Control)
    • SANS certifications (GIAC family - GSEC, GREM, GCIH)
    • FedRAMP 3PAO Assessor Certification, or ISO 27001 Lead Auditor/Lead Implementer a bonus

In this position you will:

  • Lead comprehensive compliance programs including FedRAMP, DoD IL2-IL4, SOC-2, PCI-DSS, and ISO 27001 requirements, ensuring successful audit outcomes and continuous certification maintenance
  • Serve as subject matter expert internally across these frameworks
  • Execute advanced control assessments through technical testing, risk-based walkthroughs, and comprehensive policy evaluations to validate design and operating effectiveness across all frameworks
  • Deliver executive-level risk reporting on residual exposures, vulnerability trends, and compliance posture, with actionable recommendations for security investments and strategic initiatives
  • Perform comprehensive control effectiveness evaluations using industry-standard methodologies, providing detailed remediation roadmaps and timeline recommendations
  • Champion compliance automation initiatives by identifying opportunities for orchestration, implementing continuous monitoring solutions, and driving operational efficiency
  • Serve as primary technical resource for customer security assessments, RFPs, and vendor due diligence activities, demonstrating our security posture to prospects and existing clients
  • Drive continuous improvement of security practices through policy development, training program enhancement, and industry best practice implementation

*Due to the nature of information accessed and compliance with government regulations (including FedRAMP and DoD standards), U.S. citizenship is required for this position.

Salary Range: $115,000 - $130,000

FormAssembly is a completely remote/distributed team. We thrive through digital communication, and work to connect numerous times a day. Our culture is vibrant, fun, and unique! Read more about it here. Some of our benefits include:

  • Health benefits (health, dental, vision) for Team Members based in the United States
  • Mental Health benefits with SpringHealth
  • 401(k) with 4% company match
  • Unlimited PTO (with a required minimum use of 2 weeks per year) for Salaried/Exempt staff, or 4 weeks of paid vacation for hourly/non-exempt employees.
  • 9 paid company holidays
  • Flexible work schedule; work from anywhere!
  • Generous Paid parental leave (up to 16 weeks)
  • Charitable contribution match
  • Budget for professional development
  • Company provided Mac laptop

You’ll be joining a talented and fun team, working together to build something great!

FormAssembly

  • 51-200 employees
  • Founded in 2006