Security and Compliance Analyst

_Espressive_ redefines how employees get help by delivering exceptional employee experiences. We were founded on the belief that getting help at work shouldn’t be so hard. While others have focused on solving the problems faced by help desk analysts, _Espressive_ shifted the focus to the employee — because you can’t have self-service if employees are not _engaged.Barista_, our virtual support agent (VSA), brings the ease of consumer virtual assistants, such as Alexa and Google Home, into the workplace, delivering a personalized user experience that results in employee adoption rates of 80-85% and reduced help desk call volume of 40-60%.We've raised our series B and are funded by some of the best VCs in the world. We have a highly experienced, small team, led by a CEO and executive team with a proven track record of building successful companies. We have offices in Santa Clara, California, Salt Lake City, Utah and Guadalajara, Mexico._

**About the Role**

We are not a “check the box” organization. If you have a strong desire to learn, become self-sufficient and business value is your primary driver, we want to talk to you

**About the Responsibilities**

Senior members of the Security and Compliance team will provide support and mentoring for any of the following areas, depending on the Analyst’s experience level:

- Vulnerability management process, including running vulnerability scans, analyzing findings, and tracking, coordinating, and negotiating remediation efforts with various organizational stakeholders
- Support of internal and external (e.g., customers, auditors) information gathering sessions associated with information security risk assessments, questionnaires, and general inquiries
- Creating and maintaining the following, including managing the review, and approval process with stakeholders:

- Policies, Procedures, Standards and Playbooks
- Knowledgebase articles, blogs, white papers or handbooks that help the organization continuously improve security & compliance knowledge and awareness
- Remediation tracking and reporting
- Support of audit and security testing engagements
- Use and support of Governance, Risk Management and Compliance (GRC) tools
- Support of continuous process improvement, automation, and scripting
- Ability to leverage your technical education or experience to continue expanding your technical knowledge and to assist with practical implementations of technical controls
- Support of non-technical business functions to help arrive at practical solutions and control implementations that provide business value first, and meet regulatory requirements, second

**Hard Skills or Qualifications Required**
- Security standards and regulatory frameworks exposure (in any following areas: SOC 2, FedRAMP/NIST 800-53, ISO 27001, PCI, HIPAA or comparable)
- Knowledge of vulnerability management scanning tools and familiarity with industry standard risk scoring frameworks
- Maintaining security and compliance policies, procedures, and standards in a SaaS infrastructure (e.g., AWS, GCP, Azure).
- Experience supporting various aspects of a security operations center
- Knowledge of the SDLC and secure coding practices and standards
- General scripting and database knowledge (e.g., Python/Bash, PostgreSQL)
- General understanding of networking and computing infrastructure
- CISSP, CISM or comparable industry-standard information security certifications
- Strong English written and verbal communications skills

Nice to Haves:

- Experience supporting a FedRAMP readiness, authorization, or continuous monitoring process.
- Previous hands-on experience as a systems or network administrator managing configurations and implementations in direct response to security control requirements
- Knowledge of containerization platforms and web search and analytics engines and their respective security characteristics
- BS in Computer Science or Software Engineering

**SOFT Skills or Qualifications Required**
- Excellent interpersonal and communication skills to support collaboration with a variety of cross-functional teams
- Ability to manage expectations with manager and stakeholders
- Ability to address and resolve prioritization conflicts
- Critical thinking and the use of practical approaches and solutions to help resolve moderately complex problems
- Strong attention to detail
- Ability to use strong organizational skills to manage several tracks of work.