Remote job description

As a Sr. Compliance Specialist, you will be responsible for owning the management and execution of privacy and compliance tasks. You will impact the ability of our GTM teams to provide accurate and essential information to current and prospective customers, for our product teams to receive product feedback and input, and for Vanta itself to operate at the highest standards.

At Vanta, our mission is to secure the internet and protect consumer data. We believe that security should be monitored and verified continuously, and we empower companies to practice better security and prove it with ease. Vanta has a kind and talented team, and we need another security and compliance expert to support our organization.

As a part of the Privacy, Risk and Compliance (PRC) team, you will provide front line expertise in the compliance frameworks that we support as well as ensure Vanta itself remains compliant with our own obligations. You will be committed to ensuring our teams have the information and processes needed to deliver world class service to our internal and external customers before, during and after the sale.

What you'll do as a Sr. Compliance Specialist at Vanta:

  • Owns "Vanta on Vanta" - ensures the ongoing compliance of controls and owns the internal feedback loop used to improve our services (ex: audit evidence for relevant compliance frameworks such as SOC 2 and ISO 27001, manage implementation plans for new frameworks, oversee planning and execution)
  • Coordinates the enterprise risk assessment (RA) process and tracks progress on risk treatment plans (RTP)
  • Oversee tasks related to maintaining internal privacy including ongoing or recurring tasks such as maintaining the PII Data Inventory, supporting the legal team to ensure that vendor contracts are compliant and ensuring that a DPIA is performed annually
  • Ensure KPIs and metrics are communicated to internal and external stakeholders
  • Provide timely and accurate information to Sales and Customer Success team members about various frameworks, including answering questions via Slack and email, and joining customer calls to communicate with customers directly
  • Manage the full project life cycle for multiple PRC team initiatives in coordination with Product teams and other stakeholders
  • Coordinate with GTM teams in managing the delivery of enablement tasks (i.e. training, proofreading, editing, writing)
  • Owning the "PRC Updates" internal newsletter championing the many impactful successes of the PRC team
  • Industry certifications preferred:
    • CISSP
    • CCSP and/or CCSK
    • CISA
    • CISM
    • CRISC
    • ISO 27001 LI/LA
    • PCI QSA or ISA
    • CIPM
    • CIPT
    • CIPP/E
    • CIPP/US
    • CDPSE
    • Security+

How to be successful in this role:

  • 2+ years experience assessing/implementing/interpreting/auditing various security/compliance/regulatory frameworks including:
    • SOC 2
    • ISO 27001
    • ISO 27701
    • GDPR
    • CPRA (CCPA)
    • HIPAA
    • PCI DSS
  • Experience with GRC tools and processes. Even better if you have experience directly building, owning or operating GRC workflows in rapidly growing SaaS environments.
  • Experience with common cloud service provider technologies and their use in support of security and compliance objectives
  • Customer-first focus.
  • Can work independently and with teams to identify and resolve challenges and overcome roadblocks.
  • Professional Services/Auditing/Consulting experience highly preferred but not required.
  • Security Engineer, Analyst or Administration background appreciated but not required.

Pay Range: $127,000 - 149,000. If you are offered the position, your offer amount will be based on your experience.

What you can expect as a Vantan:
  • Industry-Competitive Salary and Equity
  • 100% covered Medical, Dental, and Vision Benefits with Dependents Coverage
  • 16 Weeks Fully Paid Parental Leave for All New Parents (Moms, Dads, Adoptive, Foster)
  • Health & Wellness Stipend
  • Remote Workspace Stipend
  • 401(k) Matching Plan
  • Flexible Work Hours and Location
  • Open & Encouraged PTO Policy
  • 9 Company Paid Holidays
  • Free Memberships to Online Wellness Platforms (One Medical, Ginger, Headspace, and more!)
  • Virtual Team Building Activities, Lunch and Learns, and other Company-Wide Events
  • Offices in SF and NYC with Hubs of Vantans forming across the US, including but not limited to, Seattle, Austin, Indianapolis, LA, Boston, and more!
At Vanta, we are committed to hiring diverse talent of different backgrounds and as such, it is important to us to provide an inclusive work environment for all. We do not discriminate on the basis of race, gender identity, age, religion, sexual orientation, veteran or disability status, or any other protected class. As an equal opportunity employer, we encourage and welcome people of all backgrounds to apply.

About Vanta
We started Vanta in 2016 as Equifax had lost every American's social security number, Home Depot had leaked its customers' credit card numbers to hackers, and Facebook admitted that it irresponsibly sent user data to third parties who tried to influence the US election. It was clear that security and privacy had become mainstream issues, and that we all increasingly relied on cloud services to store everything from our personal photos to our communications at work.

Vanta's mission is to be the layer of trust on top of these services, and to secure the internet, increase trust in software companies, and keep consumer data safe.

We do this by building an automated head of security for technology companies, and we use that system to both help a company secure itself and to prove their security to others.

If we succeed in our mission, it should feel irresponsible for users to put data into a product that isn't certified by Vanta, and irresponsible for companies to collect data without using Vanta to secure and monitor themselves.


Summary
Company name: Vanta
Remote job title: Senior Compliance Specialist
Job tags: Operational Auditing, Compliance, Software as a Service