Senior Internal Risk & Compliance Analyst at Auth0
Remote
Auth0 is a unicorn that just closed a $120M Series F round of funding, with total capital raised to date of $330M and a valuation of nearly $2B. We are growing rapidly and looking for exceptional new team members to add to our exceptional talent pool, people who will help take us to the next level of success. One team, one score.
Our vision is to provide people with secure access to any application in one click or less. And our promise is to make identity work for everyone—whether you’re a developer looking to innovate, or a security professional looking to mitigate. We are looking for curious, excited, boundary-pushing team members. So, if you’re a big thinker who is nimble and adaptable, Auth0 may be an ideal place for you to shine.
The Senior Internal Risk & Compliance (IR&C) Analyst is an intermediate level role responsible for performing moderately complex assessments of Auth0’s risk and control environment in coordination with Auth0’s third party assessments, regulations, and standards.  
We strive to maintain a welcoming and inclusive culture built on the principle of "No B.A.P." (No BS, No A-holes, No Politics). The mission of the Auth0 Governance, Risk and Compliance (GRC) team is to provide evidence that builds customer trust in Auth0’s management of security and privacy, by obtaining relevant industry certifications and making audit information available to assist customers in satisfying their compliance requirements.

Responsibilities:

  • Document internal controls related to Auth0’s compliance certifications.
  • Interview internal resources and review process documentation to assess compliance with established controls and identify gaps.
  • Complete assigned audits within set timeframes.
  • Draft audit reports, and present issues to the business while discussing practical solutions.
  • Contribute to the development of audit process improvements, including the development of automation, where applicable.
  • Appropriately assess risk when evaluating gaps and issues identified. 
  • Perform security and compliance checks on new vendors as part of the onboarding process.
  • Conduct periodic reviews of vendors’ certifications and compliance.
  • Track compliance gaps, suggest solutions, and test the remediation of gaps to meet deadlines.
  • Support the GRC team in ensuring compliance with industry regulations and assisting with the external audits.

Skills and Abilities:

  • Bachelor’s degree in Computer Science, Management Information Systems or Business Administration, or relevant educational or professional experience.
  • Minimum 3 years work experience in compliance within the software industry.
  • Excellent written and verbal communication skills (English).
  • Knowledge of industry cloud technologies.
  • Knowledge of certifications and standards such as SOC-2, HIPAA, PCI-DSS, CSTAR, ISO 27001, ISO 27018, GDPR, FedRAMP, and SOX.
  • Knowledge of financial controls and implementation.
  • Experience with information security principles/practices.
  • Experience with privacy principles/practices.
  • Experience with software development practices.
  • Passionate about security, privacy and compliance.
  • Self-motivated, quick learner, fast researcher.
  • Have experience with and are comfortable with a remote working environment.

Extra Points:

  • Public Accounting/Big 4 Consulting experience.
  • Technical information security experience.
  • CIA, CISA, or relevant certifications.

Preferred Locations:

  • #US; #CA; #ES;
Auth0 safeguards more than 4.5 billion login transactions each month and its top priorities are availability and security.
We like to think that we are helping make the internet safer. Our team is spread across more than 35 countries and we are proud to continually be recognized as a great place to work. Culture is critical to us, and we are transparent about our vision and principles.
Auth0 is an Equal Employment Opportunity employer. Auth0 conducts all employment-related activities without regard to race, religion, color, national origin, age, sex, marital status, sexual orientation, disability, citizenship status, genetics, or status as a Vietnam-era special disabled and other covered veteran status, or any other characteristic protected by law. Auth0 participates in E-Verify and will confirm work authorization for candidates residing in the United States.