Staff Risk Analyst
United States
Posted on Saturday, January 13, 2024

Job Description
Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the understanding and management of experience for candidates, customers, employees, patients, citizens and residents.

We are more than a software company. We want to be known as a company that does the right thing, no matter the challenge or controversy. We are committed to creating a culture that values every person and every experience. Individual life experiences shape the way we interact with the world, which is why we encourage people to bring their whole selves to work each day. The strength of our global workforce is the most significant contributor to our success.

We believe: Every Experience Matters. Talent is Everywhere. All Belong Here.

At Medallia, we hire the whole person.

The Role and Team

A phenomenal opportunity exists within Medallia’s Risk & Compliance Team as we are looking for a Staff Risk Analyst to drive compliance maturity and risk management in an ever-evolving SaaS landscape. At the forefront of technological advancements and innovation, this role is pivotal in shaping the way we ensure security and compliance across our services. As we continue to build and scale, this role’s impact will be critical to our platform, ensuring our growth is matched by the strength of our control environment. The position requires a strong compliance acumen, business partnering skills, attention to detail, and ability to understand and implement compliance best practices in a complex technology environment.

  • Act as subject matter expert on compliance and regulatory frameworks.
  • Advise key stakeholders and management on best-practice control design and implementation.
  • Coordinate and lead IT security audits and compliance governance activities across the company.
  • Build and maintain Medallia’s unified controls matrix, in alignment with multiple compliance frameworks including SOC 2, ISO 27001/27701/27017/27018, PCI, HITRUST and HIPAA.
  • Develop and maintain Medallia’s policies, procedures, and standards in collaboration with internal teams.
  • Collaborate with teams across Medallia, validate that security controls are implemented, and develop recommendations to remediate control deficiencies.
  • Identify and oversee implementation of scalable security control enhancements that reduce risk and increase performance efficiency across diverse technical environments.
  • Develop employee-facing technical documentation, internal wiki pages, and periodic security-oriented communications to spread awareness of Information Security policies and standards.
Minimum Qualifications

  • 5+ years of experience working with technology governance, internal controls, and compliance activities such as ISO 27001/17/18, SOC 2, PCI, HIPAA, FedRAMP, HITRUST.
  • Strong leadership capabilities, collaborative attitude and motivation to work in a fast-paced, startup-like environment.
  • Ability to articulate complex technical and security information in business terms and solutions.
  • Proficient with audit testing best practices and relevant documentation standards.
  • Strong understanding of a broad range of technical concepts relevant to SaaS environments: access management, software development lifecycle, secure coding principles, security architecture, information security, and network security.
  • Highly organized, with a proven ability to oversee and manage multiple work streams across diverse stakeholder groups.
  • Excellent written and oral communication skills, with an ability to effectively communicate security topics to a variety of audiences.

Preferred Qualifications

  • Ability to analyze, communicate and articulate governance and compliance industry trends and benchmarks, and translate them into policy.
  • Experience managing information security audits, control implementation, strategy and risk within a Fortune 500 company.
  • Ability to translate global privacy laws and regulations into recommended actions.
  • Industry certifications such as CISA, CISSP, CISM, PMP or CRISC are a plus.

Medallia is committed to equal pay and transparency. The annual base salary range for this position is $127,000 - $217,000. Please note that the salary range information provided is a general guideline and combines all of the distinct labor markets within the US. It is uncommon for an individual to be hired at or near the top of the range for their role, and compensation decisions are dependent on a variety of factors. Medallia considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate’s work experience, the candidate’s work location, education/training, key skills, internal peer equity, external market data, as well as market and business considerations when making compensation decisions.

At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or any other applicable status protected by state or local law. Individuals with a disability who need an accommodation to apply please contact us at For information regarding how Medallia collects and uses personal information, please review our Privacy Policies.