Security Assurance Lead at Culture Amp
Apply to Culture Amp
What do Airbnb, Kind and Salesforce have in common? They use Culture Amp every day to make their workplaces better and grow highly engaged employees. They also make up a community of over 2,600 organisations from around the globe who stand together to change the world of work.
With offices in Melbourne, San Francisco, New York, and London, Culture Amp isn’t just for fast-growing startups - we’re for every organisation that wants to put culture first. By making it easy to collect, understand, and act on employee feedback, we enable People teams to make better decisions, demonstrate impact, and turn company culture into a competitive edge.
It’s what makes us the world’s leading employee feedback platform.
The opportunity at Culture Amp
As a member of the Security team, you will help drive Culture Amp’s ISO27001 Information Security Management System. You will engage with internal and external stakeholders to educate, advise and build trust in Culture Amp’s information security and privacy practices, while helping Culture Amp reach its business objectives.
You will be providing expertise in evaluating, assessing and monitoring the organisation’s compliance with ISO27001 as well as future SOC2 compliance efforts.
Duties and responsibilities
- Provide regulatory and compliance advice to business and control units on an ongoing basis.
- Participate in the evaluation, development and implementation of security policy, standards, procedures and guidelines.
- Assess and help manage risk in line with Culture Amp’s risk management methodology.
- Work with internal and external auditors to demonstrate and provide evidence for controls that are in place. May conduct additional testing to validate that items found during tests have been remediated.
- Assist with security questionnaires and work with the Sales teams on RFP responses related to security.
- Lead and execute complex information security assessments that require both analytical and technical skills across a broad range of Information Technology topics.
- Provide program, proposal and security control analysis and gap assessments.
What you'll need to be successful
- Operational experience in maintaining ISO27001 certification in complex environments.
- Knowledge of network technologies/protocols and computer security concepts in small, medium, and large-scale enterprise technology environments.
- Experience in documentation of processes and internal security controls.
- Strong social, verbal, and written communication skills, with demonstrated ability to effectively present analytical data to a variety of technical and non-technical audiences.
- Strong deductive reasoning, critical thinking, and problem-solving skills.
- Ideally (but not required) certified in one of the following: CISSP, CISM, CRISC, CISA or any other Information Security related certifications.
- Analyse security controls and compliance requirements for various frameworks and regulations such as SOC2, ISO27001, GDPR.
- Assess effectiveness of security controls.
- Design, implement and automate effectiveness testing and efficacy measurements.
- Develop compliance measurements and metrics for reporting.
If you are truly excited about this role and meet the requirements mentioned above, please submit your resume. We look forward to speaking with you!
About Culture Amp
- 29 Stewart Street, Richmond, VIC, 3121