BigCommerce is disrupting the e-commerce industry as the SaaS leader for fast-growing, mid-market businesses. We enable our customers to build intuitive and engaging stores to support every stage of their growth.
Do you thrive on partnering with internal teams to ensure successful security programs are in place that align with compliance requirements? Are you experienced with helping internal teams continuously improve their security and compliance posture and do you enjoy the challenge of working in a fast-paced space like e-commerce? Are you a go-getter who loves to get stuff done and passionate about delivering value to the business? If so, BigCommerce has an exciting full-time opportunity for someone like you!
BigCommerce, named a 2021 "Best Place to Work" in San Francisco, is looking for a Senior Governance, Risk & Compliance Analyst to work with our Cybersecurity & GRC Team in our awesome San Francisco office.
Our global GRC Analysts lead projects/programs across the company, interfacing with TechOps, IT, Product Development, HR and everywhere in-between. You’ll be collaborating with both internal customers and external partners/vendors to help define and execute on our global GRC roadmap.
BigCommerce is a product company, headquartered in Austin, Texas, and has offices in San Francisco, California, Sydney, Australia and London, England.
We are the world's leading cloud ecommerce platform for established and rapidly growing businesses. Combining enterprise SaaS functionality, an open platform, and an app ecosystem, BigCommerce enables businesses to grow online sales with less cost, time and complexity than on-premises software. BigCommerce powers B2B and B2C ecommerce for more than 60,000 brands, 2,000+ mid-market businesses and 30 Fortune 1000 companies, including Assurant, Ben & Jerry's, Paul Mitchell, Skullcandy, Sony, and Toyota.
**To be considered applicants must reside in the United States**
What You’ll Do:
- Coordinate information technology and security-related audits for compliance standards like PCI DSS, ISO 27001, SOC 2, etc.
- Assist management in the development of the appropriate documentation, including, for example, security plans, information security related policies, and process descriptions
- Drive improvements in existing processes and monitor the measurement and review of internal processes, especially those that affect the quality of the organization's services
- Conduct internal risk assessments
- Support the communication of policies, procedures, and plans regarding security and compliance best practices around applicable laws, regulations and controls
- Perform IT controls testing and develop recommendations based on confirmed observations
- Work with process and control owners to help them understand the audit results, identify remediation options and prioritize their closure
- Partner with internal teams to ensure successful security programs that align with compliance requirements
- Support daily operational security activities, such as responses to client inquiries regarding the information security program, as required
- Identify, research and evaluate new compliance requirements and ensure they are incorporated into the BigCommerce security policy framework
- Perform other IT security and compliance-related tasks as assigned by management
Who You Are:
- Bachelor’s degree in Computer Science, Information Systems, Management Information Systems, Business Administration, or another related field
- 6+ years’ experience in cybersecurity, governance, risk & compliance
- Excellent communication, planning, organizational and writing skills
- Strong knowledge of applicable compliance/risk concepts, information security audit standards and industry best practices
- Attention to detail around controls, metrics, accountability and operational excellence
- Strong track record of developing and maintaining high quality internal policy and procedure documents
- Proven ability to manage multiple projects and lead them to completion with limited direction
- Ability to understand deep technical concepts and explain technical or complex analysis to non-technical individuals
- Experience working extremely cross-functionally in a fast-moving, engineering-focused organization
- Hands-on experience working successfully in a very fast-paced, results-oriented environment
- You have experience using a variety of tools like JIRA, Confluence and G Suite
- Self-driven. You have superior organizational skills, integrity and great follow-through on tasks. You don't get overwhelmed easily.
- Naturally curious. You're innovative, extremely creative and constantly providing ideas to optimize the process.
- You're a charismatic people-person who can talk to anyone; you're flexible, fearless, and excited to help build something awesome
- You understand the awesomeness and challenges of risk assessments, auditing and auditors - and know what to apply for each situation
- You understand the impact of a highly satisfied, excited crew; you are slightly obsessive-compulsive about grinding away at issues
- You know that when like-minded, talented colleagues put their minds to achieving ambitious goals, great things happen. You bring that positivity & attitude to everything you do
- Problem Solver. You use logic, as well as the imagination, to make sense of a situation and come up with an intelligent solution
- You have an innate, scrappy and entrepreneurial drive to get things done in a fast-moving environment where things can (and do!) change quickly, priorities compete, and you may not always have all of the details upfront. Nothing gets by you
- A utility player. You're willing to help wherever needed
- Minimum of 4 years of experience in regulatory compliance, risk management and/or audit roles or technology governance
- Deep understanding of security assurance and trust frameworks (like PCI DSS, ISO2700x, NIST 800-53, SOC 2 - AICPA Trust Service Principles, CSA STAR, etc.)
- Strong understanding of privacy and data protection laws (CCPA, GDPR, GLBA Privacy and Safeguards Rules)
- Experience with compliance requirements/standards such as ISO, SOC, FedRAMP, GDPR and Safe Harbor / Privacy Shield
- Experience interacting with external auditors and internal stakeholders
Our Hiring Processes Might Include
We want to see your problem-solving and analytical skills. Be prepared to write good, clean, scalable code. You don’t need to know our entire stack, but we’re looking for practical experience, someone who can solve production problems in the cloud.
- Recruiter Phone Screen
- Hiring Manager Screening
- Final Team Interview