Security Compliance Analyst

At Scale, we are driving the future of AI and Machine Learning across a variety of industries. As the Security Compliance Analyst, you will play a pivotal role in the continued success of Scale. Your role will be instrumental in ensuring the effective operation of our Security and Compliance departments, allowing us to maintain the highest standards in our industry.

Reporting into the Security Compliance team, you will be working cross functionality with all teams within the Security department, including Product Security, Security Operations, Infrastructure Security, as well as partner teams such as Legal, HR, and Operations. You will also support both our Commercial and Public Sector business, ensuring that our security and compliance measures meet the specific needs of these different sectors.

Location: San Francisco (2-3x per week in office)

You Will:

• Help create, maintain, and improve security compliance initiatives (SOC 2, FedRAMP, ISO 27001).
• Collaborate with product, engineering, operations, people operations, and legal to implement new technical, administrative, and operational controls.
• Work with the go-to-market team on customer security due diligence, including security questionnaires and resolving current or prospective compliance requests. Furthermore, working on our GRC tool to ensure our Trust Center is up to date.
• Design, manage, and iterate on compliance initiatives across our remote worker network and business process outsourcing partners. 
• Develop and provide training to improve the security awareness and knowledge for all employees and contractors.
• Conduct and initiate quarterly user access reviews over critical applications to ensure privileged access remains up to date.
• Assist with internal and external security audits.

Ideally, You’d have:

• 3-5 years of related work experience in Information Security Governance, Risk and Compliance (GRC) or relevant Compliance roles in the tech industry. Big 4 consulting experience is a plus.
• Prior experience assessing or auditing cloud environments (AWS, Azure, and GCP), performing compliance assessments, conducting risk assessments and/or driving audits like SOX, ISO, SOC, PCI DSS.
• Experience in security and compliance in a role that required cross-departmental collaboration.
• An action-oriented mindset, balancing creative problem-solving with a strong drive to achieve outcomes.
• Ability to learn, understand, and work with new emerging technologies, methodologies, and solutions in the Cloud/IT technology space.
• Strong analytical, communication (verbal and written), and project management skills.
• Experience leading day-to-day activities, improving processes, and owning outcomes.
• Certification preferred in one or more of the following: CISA, CISSP, CISM, Cloud platforms such as AWS, Azure or GCP.

Nice to haves:

• Experience in a high-growth technology company.
• Experience applying AI or Machine Learning.
• Previous work as a security consultant or Big 4 consulting.

Note this role must be based within the continental United States and requires current US Citizenship to support Scale’s Public Sector business.