BigCommerce’s mission is to help merchants sell more at every stage of growth, from small startups to mid-market businesses to large enterprises. We focus on being the best ecommerce platform so our customers can focus on what matters most: growing their businesses.
We are equally passionate about growing our employees’ careers and providing them an incredible experience as we rapidly expand across the globe. We are proud to have been recognized numerous times for our product and workplace culture. We empower our people and customers to build, innovate and grow, so together we can redefine the ecommerce industry.
BigCommerce is growing its Information Security Governance, Risk and Compliance team. Get in whilst the team is still small and you’ll have the ability to influence the culture and direction moving forward.
Our analysts are called on to wear many hats. You’ll be very well rounded, with knowledge of the BigCommerce SaaS environment, driven by your intrinsic interest in learning about regulatory standards like PCI, ISO 27001, NIST, SOC, HIPAA, GDPR, CCPA, etc. You will be a key part in helping us define policies, working with internal stakeholders like IT, Technical Operations, Cybersecurity, and General Operations, including our Engineering teams, to suggest product improvements, improve business processes to meet our compliance obligations, and respond to security risks. Your understanding of how parts of a system interact and operate as a whole provides the right foundation; finding solutions to complex challenges by thinking “outside the box” and evaluating challenges from many different perspectives before acting is your key to success.
BigCommerce, named a “Best Place to Work” in Sydney, a “Best and Brightest” place to work in San Francisco, and a “Best Place to Work” in Austin, is looking for a full-time Associate Technology Risk Analyst who wants to make an impact at every level of society through powering innovators, creative thinkers, entrepreneurs and business owners around the world to be successful at each stage of their business.
**To be considered an applicant you must reside in the United States**
What you’ll do:
- Apply security, privacy and other regulatory principles applicable to BigCommerce to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Perform regular and ongoing risk assessments on product enhancements, business systems and processes, and internal applications as part of the BC Enterprise Security Risk Management (ESRM) program.
- Perform scheduled security audits against our systems, using different audit tools to gather evidence such as firewall rules, system logs, and application code, and review the evidence for effectiveness against the BC Integrated Controls Framework (BCICF).
- Discern the protection needs (i.e., security controls) of information systems, networks, and applications in response to security risks and the remediation of audit findings.
- Provide security and compliance guidance to BigCommerce business and technology teams.
- Help operationalize the BCICF into the BC business and technology teams’ processes by developing automated workflows and assessments, to reduce friction and improve our security posture.
- Utilize data to help generate insights, metrics and key performance indicators into risks and champion solutions.
- Evangelize security within BigCommerce and be an advocate for BigCommerce customers.
- Be at the forefront of developing training programs for our employees, partners, and customers on security, privacy and other acceptable ethical practices.
- Protect BigCommerce Merchants, Shoppers and the company.
Who you are:
- Familiar with some security and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, use of personal data etc.).
- Able to explain security issues to both internal and external stakeholders and third parties.
- Experienced with vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- Familiar with current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
- Strong team spirit; willing and able to put team priorities ahead of individual priorities.
- Strong communicator with a bias towards honesty and transparency.
Preferred but not Required:
- Degree in Computer Science, IT or related technical field. Candidates currently enrolled in college will also be considered.
- Experienced with the BigCommerce SaaS environment.
Remote Position or Hybrid: “Flexible work from home options available” for those wanting an office environment. Available in Austin, Texas or 100% remote in the U.S.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the interview process, to perform essential job functions and to receive other benefits and privileges of employment. If you need an accommodation in order to interview at BigCommerce, please let us know during any of your interactions with our recruiting team.
Learn more about the BigCommerce team, culture and benefits at https://careers.bigcommerce.com.