Companies you'll love to work for

Staff Risk Analyst

Decibel

Decibel

IT
Multiple locations
Posted on Friday, October 6, 2023

Job Description

Overview

Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the understanding and management of experience for candidates, customers, employees, patients, citizens and residents.  


We are more than a software company. We want to be known as a company that does the right thing, no matter the challenge or controversy. We are committed to creating a culture that values every person and every experience. Individual life experiences shape the way we interact with the world, which is why we encourage people to bring their whole selves to work each day. The strength of our global workforce is the most significant contributor to our success. 


We believe: Every Experience Matters. Talent is Everywhere. All Belong Here.

At Medallia, we hire the whole person.


The Role and Team

A phenomenal opportunity exists within Medallia’s Risk & Compliance Team as we are looking for a Staff Risk Analyst to drive compliance maturity and risk management in an ever-evolving SaaS landscape. At the forefront of technological advancements and innovation, this role is pivotal in shaping the way we ensure security and compliance across our services. As we continue to build and scale, this role’s impact will be critical to our platform, ensuring our growth is matched by the strength of our control environment. The position requires a strong compliance acumen, business partnering skills, attention to detail, and ability to understand and implement compliance best practices in a complex technology environment.


Responsibilities

  • Act as subject matter expert on compliance and regulatory frameworks 
  • Advise key stakeholders and management on best practice control design and implementation 
  • Coordinate and lead IT security audits and compliance governance activities across the company.
  • Build and maintain Medallia’s unified controls matrix, in alignment with multiple compliance frameworks including SOC 2, ISO 27001/27701/27017/27018, PCI, HITRUST and HIPAA.
  • Develop and maintain Medallia’s policies, procedures, and standards in collaboration with internal teams.
  • Collaborate with teams across Medallia, validate that security controls are implemented and develop recommendations to remediate control deficiencies.
  • Identify and oversee implementation of scalable security control enhancements that reduce risk and increase performance efficiency across diverse technical environments
  • Develop employee facing technical documentation, internal wiki pages, periodic security oriented communication to spread awareness about Information Security policies and standards.

Qualifications

Minimum Qualifications

  • 5+ years experience working with technology governance, internal controls, and compliance activities such as ISO 27001/17/18, SOC 2, PCI, HIPAA, FedRAMP, HITRUST. 
  • Strong leadership capabilities, collaborative attitude and motivation to work in a fast paced startup-like environment.
  • Ability to articulate complex technical and security information into business terms and solutions.
  • Proficient with audit testing best practices and relevant documentation standards.
  • Strong understanding with a broad range of technical concepts relevant to SaaS environments: access management, software development lifecycle, secure coding principles, security architecture, information security, and network security
  • Highly-organized with proven ability to oversee and manage multiple work streams across diverse stakeholder groups
  • Excellent written and oral communication skills with an ability to effectively communicate security topics to a variety of audiences.

Preferred Qualifications

  • Ability to analyze, communicate, articulate governance and compliance industry trends and benchmarks into policy.

  • Experience managing information security audits and control implementation within , strategy and risk within a Fortune 500 company.

  • Ability to translate global privacy laws and regulations into recommended actions.

  • Industry certifications such as CISA, CISSP, CISM, PMP or CRISC is a plus.

At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or any other applicable status protected by state or local law. Individuals with a disability who need an accommodation to apply please contact us at ApplicantAccessibility@medallia.com. For information regarding how Medallia collects and uses personal information, please review our Privacy Policies.