Compliance Manager at Auth0
Seattle, WA, US
Thousands of enterprises and millions of users worldwide depend on Auth0 for authentication and authorization of their most mission-critical apps, APIs and IoT devices. Auth0’s top priorities are availability and security. The mission of the Auth0 Compliance team is to provide evidence that builds customer trust in Auth0’s management of security and privacy, by obtaining relevant industry certifications and making audit information available to assist customers in satisfying their compliance requirements.

Responsibilities

Responsible for ensuring compliance with industry regulations and working with independent, external auditors to demonstrate such compliance to achieve certification of compliance.
Stay abreast of industry requirements for certifications relevant to Auth0’s business
Maintain in-depth knowledge of certifications and controls such as SOC2, HIPAA, PCI-DSS, ISO27001, GDPR, NIST, 21CFRpart11, FedRAMP
Develop control definitions and pass criteria for compliance
Interview internal resources and review process documentation to assess compliance with established controls and identify gaps
Work with other teams to identify solutions for compliance gaps
Track compliance gaps and ensure work to remediate gaps meets deadlines
Conduct periodic reviews of policies, procedures and operations for compliance
Conduct periodic reviews of vendors’ certifications and compliance
Organize and present audit documents for review with external auditors
Create and deliver training to employees on compliance topics
Define and monitor metrics on compliance progress
Drive innovation to improve compliance effectiveness and efficiency
Meet with customers to resolve concerns related to privacy, security and compliance
Requirements

Minimum 3 years work experience in compliance within the software industryExperience with certifications such as SOC2, HIPAA, PCI-DSS, ISO27001
Experience with information security principles/practices
Experience with privacy principles/practices
Some experience with software development practices
Excellent written and verbal communication skills (English)
Passionate about security, privacy and compliance