Sr. Compliance Analyst at Auth0
United States of America
Auth0 provides a secure, highly available, enterprise-grade platform that secures billions of log-ins every year. The company makes it easy to implement even the most complex identity solutions for their web, mobile, IoT and internal applications, as well as sophisticated identity management for employees, customers and partners. Thousands of enterprises and millions of users worldwide depend on Auth0 for authentication and authorization of their most mission-critical apps, APIs and IoT devices. Auth0’s top priorities are availability and security.
 
Auth0 is loved by developers and trusted by global enterprises. More than 500,000 unique users visit Auth0.com each month due to our compelling content and the functionality of our identity platform. Our mission is to simplify developers' lives, improve security, and reduce identity TCO for our enterprise customers, by making identity simple, secure and extensible. We strive to maintain a welcoming and inclusive culture built on the principle of "No B.A.P." (No BS, No A-holes, No Politics).
 
The mission of the Auth0 Governance, Risk and Compliance (GRC) team is to provide evidence that builds customer trust in Auth0’s management of security and privacy, by obtaining relevant industry certifications and making audit information available to assist customers in satisfying their compliance requirements.

Responsibilities:

    • Support the GRC team in ensuring compliance with industry regulations and in working with independent external auditors to demonstrate that compliance and achieve certification.
    • Stay abreast of industry requirements for certifications relevant to Auth0’s business
    • Respond to customer inquiries on compliance related matters
    • Conduct periodic reviews of vendors’ certifications and compliance
    • Create and deliver customer facing compliance and privacy documentation
    • Have a clear understanding of cloud computing services/deployment architecture.
    • Maintain knowledge of certifications and controls such as NIST 800-53, SOC-2, HIPAA, PCI-DSS, ISO 27001, GDPR, HITRUST, FedRAMP
    • Develop control definitions and pass criteria for compliance
    • Interview internal resources and review process documentation to assess compliance with established controls and identify gaps
    • Track compliance gaps and ensure work to remediate gaps meets deadlines
    • Experience with monitoring and automating security controls.
    • Organize and present audit documents for review with external auditors
    • Conduct internal audits to identify risks and manage risk-tracking efforts
    • Drive innovation to improve compliance effectiveness and efficiency

Requirements:

    • Bachelor’s degree in Computer Science or Business Administration, or relevant educational or professional experience
    • Minimum 3 years work experience in compliance within the software industry
    • Excellent written and verbal communication skills (English)
    • Knowledge of industry cloud technologies
    • Knowledge of certifications and standards such as SOC-2, HIPAA, PCI-DSS, CSTAR, ISO 27001, and GDPR
    • Knowledge of financial controls and implementation
    • Experience with information security principles/practices
    • Experience with privacy principles/practices
    • Some experience with software development practices
    • Passionate about security, privacy and compliance
    • Self-motivated, quick learner, fast researcher
    • Experience with, and comfort in, a remote working environment

Extra Points:

    • Public Accounting/Big 4 Consulting experience
    • Technical information security experience

Auth0 is an Equal Employment Opportunity employer. Auth0 conducts all employment-related activities without regard to race, religion, color, national origin, age, sex, marital status, sexual orientation, disability, citizenship status, genetics, or status as a Vietnam-era special disabled and other covered veteran status, or any other characteristic protected by law. Auth0 participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.