Job Details

Join to apply for the Security Compliance Analyst role at Zip

The simple task of buying software, services, or tools at work has become hopelessly complicated at even the most innovative companies in the world. Today, enterprises spend $120T+ per year globally (>30 times larger than annual consumer e-commerce spend) and rely on vendors more than ever before to run their businesses. Our cofounders started Zip in 2020 to address this seemingly intractable problem with a purpose-built procurement platform that provides a simple, consumer-grade user experience. Within the last 4 years, Zip has created a new category and developed the leading solution in this $50B+ TAM space. Today, the world's leading companies like OpenAI, Snowflake, Anthropic, Coinbase, and Prudential rely on Zip to manage billions of dollars in spend. We have a world-class team coming from category-defining companies like Airbnb, Meta, Stripe, Salesforce, Apple, and Google. With a $2.2 billion valuation and $370 million in funding from Y Combinator, Tiger Global, BOND, DST Global, and CRV, we're focused on developing cutting-edge technology, expanding into new global markets, and—above all–driving incredible value for our customers. Join us!

Your Role

The Security & Compliance team at Zip is committed to providing a high level of security assurance to customers, aligning security goals with business objectives and customer requirements. As a GRC Analyst at Zip, you'll be a key driver for ensuring the success of compliance programs at a fast-growing company. Your contributions will be pivotal to the overall growth and competitive edge of Zip's GRC program. You'll ensure we can securely and compliantly build new features, help design and scale the compliance programs that power our expansion, from supporting new certifications to enabling secure AI development and entry into new markets like the EU and U.S. Federal sector.

You Will

• Drive and perform periodic compliance-related activities, such as user access reviews, internal audits, and third party risk management
• Develop, implement, and improve core compliance projects, such as leading security awareness training initiatives and helping drive adoption of best practices across the company
• Curate responses for customer due diligence and security questionnaires and maintain our security knowledge base
• Collaborate with internal stakeholders and external auditors to support third party audits including SOC 1, SOC 2, and ISO 27001
• Develop, maintain, and lead the adoption of security policies, standards, and guidelines to ensure compliance with applicable regulatory requirements

Qualifications

• Bachelor's degree in a related field
• 2+ years of experience in GRC, information security consulting, cybersecurity risk, audits, or similar roles
• Strong written and verbal communication skills with both technical and non-technical stakeholders
• Familiarity with and participation in one or more of the following frameworks: ISO 27001, SOC 1, SOC 2, FedRAMP, PCI DSS
• Familiarity with information security fundamentals for cloud software systems

Nice to Haves

• Professional certifications in information security are a plus but not required

The salary range for this role is $95,000 - $150,000. The salary for this position is determined based on a variety of job-related factors that may include location, relevant experience, education, or particular skills and expertise.

Perks & Benefits

• ???? Start-up equity
• ???? Full health, vision & dental coverage
• ????️ Catered lunches & dinners for SF employees
• ???? Commuter benefit
• ???? Team building events & happy hours
• ???? Flexible PTO
• ???? Apple equipment plus home office budget
• ???? 401k plan