Senior Compliance and Risk Analyst

At Optimizely, we're on a mission to help people unlock their digital potential. We do that by reinventing how marketing and product teams work to create and optimize digital experiences across all channels. With Optimizely One, our industry-first operating system for marketers, we offer teams flexibility and choice to build their stack their way with our fully SaaS, fully decoupled, and highly composable solution.
We are proud to help more than 10,000 businesses, including H&M, PayPal, Zoom, and Toyota, enrich their customer lifetime value, increase revenue and grow their brands. Our innovation and excellence have earned us numerous recognitions as a leader by industry analysts such as Gartner, Forrester, and IDC, reinforcing our role as a trailblazer in MarTech.

At our core, we believe work is about more than just numbers - it's about the people. Our culture is dynamic and constantly evolving, shaped by every employee, their actions and their stories. With over 1500 Optimizers spread across 12 global locations, our diverse team embodies the "One Optimizely" spirit, emphasizing collaboration and continuous improvement, while fostering a culture where every voice is heard and valued.

Join us and become part of a company that's empowering people to unlock their digital potential!

Introduction

The focus of this position is on the internal information compliance & risk area. The analyst will assist with designing, implementing, supporting and maintaining policies and security solutions for our enterprise infrastructure and cloud-based products and services. The analyst must be organized with an ability to self-manage with multiple high priority initiatives.

Job Responsibilities
Support critical information compliance & risk projects including the development and management of global policies and procedures, while ensuring proper alignment to company objectives.
Assists with ongoing support of our ISO 27001 certification, as well as GDPR and new regulatory or compliance needs.
Serves as a support resource to assist with information compliance, security & risk questions for the organization, and for customers, partners, auditors, and regulators.
Assists in the development of a security and compliance knowledge base to be utilized while responding to information security requests and questionnaires from customers and prospects.
Maintains efficiencies and effectiveness of compliance monitoring programs, while making improvements and suggestions where relevant.
Supports third-party vulnerability monitoring, security audits, and risk assessments.
Audits and regularly evaluates company performance for compliance to information security standards.
Reports key metrics relating to information security projects, monitoring programs, and issues.
Performs additional duties as required.
Assists with development and delivery of security awareness training.
Performs security related evaluations and follow-ups with vendors.
Knowledge and Experience
2+ Years' experience within an information security role, supporting cloud-based solutions.
Excellent written and verbal communication skills, for effective interaction with Optimizely team members, customers, partners, and auditors.
Experience with compliance standards such as: ISO, ITIL, NIST, PCI, and SOC.
Strong risk management and auditing experience.
Experience with data privacy regulations such as GDPR and Privacy Shield.
Certification preferred in CISSP, CISA, CISM, CompTIA, GSEC, CEH, or similar certification relating to information security preferred.
Active certification required as an ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, or ISO 27001 Internal Auditor
Good to have HIPAA experience
Education

Bachelor's degree or equivalent experience

Competencies
Accepting Responsibility
Coordinating Project Activities
Delivering High Quality Work
Following Policies and Procedures
Managing Risk

Optimizely is committed to a diverse and inclusive workplace. Optimizely is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.